http://blog.infosanity.co.uk Offensive and Defensive IT Security Thu, 02 Feb 2012 15:40:26 +0000 hourly 1 http://wordpress.com/ http://blog.infosanity.co.uk/2010/09/22/mercury-live-honeypot-dvd/#comment-1196 Thu, 02 Feb 2012 15:40:26 +0000 http://blog.infosanity.co.uk/?p=827#comment-1196 Very last link on the post leads to a mirror, download is all but a couple of left clicks away….

]]> http://blog.infosanity.co.uk/2010/09/22/mercury-live-honeypot-dvd/#comment-1195 Thu, 02 Feb 2012 15:34:07 +0000 http://blog.infosanity.co.uk/?p=827#comment-1195 I don’t know how to download Mercury Live DVD. Can you help me?

]]> http://blog.infosanity.co.uk/2010/04/17/basic-honeyd-configuration/#comment-1194 Tue, 31 Jan 2012 21:01:05 +0000 http://blog.infosanity.co.uk/?p=541#comment-1194 [...] sensor. I had thought I’d already written about this so initially went to find the article on honeyd configuration; but my memory was wrong and the original post only covered configuring the guest systems, not the [...]

]]> http://blog.infosanity.co.uk/2010/01/19/starting-with-honeyd/#comment-1193 Tue, 31 Jan 2012 21:01:01 +0000 http://infosanity.wordpress.com/?p=440#comment-1193 [...] was recently asked about the network configuration I use for my honeyd sensor. I had thought I’d already written about this so initially went to find the article on [...]

]]> http://blog.infosanity.co.uk/2011/12/29/cuckoo-sandbox-101/#comment-1192 Sat, 28 Jan 2012 03:43:24 +0000 http://blog.infosanity.co.uk/?p=1141#comment-1192 I haven’t really had anything interesting to analyze lately. I brought home a sample from work to try it in Cuckoo, but it really didn’t produce any results.

]]> http://blog.infosanity.co.uk/2011/12/29/cuckoo-sandbox-101/#comment-1190 Thu, 26 Jan 2012 08:01:13 +0000 http://blog.infosanity.co.uk/?p=1141#comment-1190 Thanks for the update Ken, glad you got it sorted. Have you had any interesting results, or just getting setup for a rainy day?

]]> http://blog.infosanity.co.uk/2011/12/29/cuckoo-sandbox-101/#comment-1189 Thu, 26 Jan 2012 01:22:40 +0000 http://blog.infosanity.co.uk/?p=1141#comment-1189 Just a quick follow up. I figured out what happened, though don’t know why it happened. For some reason, my virtual machine got unregistered, so I had to re-register it and now all is fine.

]]> http://blog.infosanity.co.uk/2011/12/29/cuckoo-sandbox-101/#comment-1188 Thu, 26 Jan 2012 00:35:49 +0000 http://blog.infosanity.co.uk/?p=1141#comment-1188 I hadn’t used Cuckoo for awhile and tried to use it today. Oddly enough, even though it worked just fine last time I used it, now I get the “Could not find a registered machine named ‘Cuckoo1″ message. Not sure what the problem is, but may have to reinstall everything.

]]> http://blog.infosanity.co.uk/2011/12/29/cuckoo-sandbox-101/#comment-1125 Fri, 30 Dec 2011 19:44:56 +0000 http://blog.infosanity.co.uk/?p=1141#comment-1125 Thanks Ken, always good to know I’m not the only one to make what seem like daft mistake as I’m setting up new tools let me know if you get any interesting results, a lot of the samples I’ve had to hand recently are getting dated so analysis hasn’t been as interesting as I would like.

]]> http://blog.infosanity.co.uk/2011/12/29/cuckoo-sandbox-101/#comment-1117 Thu, 29 Dec 2011 22:48:59 +0000 http://blog.infosanity.co.uk/?p=1141#comment-1117 Nice review. I just installed Cuckoo last night for the first time. I ran in to the snag you did regarding creating the VM under a different user, etc. I also failed to set the setup folder in the shared folders as read only, which caused a problem. However, after getting around my errors, I got it running and am very impressed with it.

]]>