Mercury Live DVD was initially (I believe) announced in a post to the Nepenthes Mailing list. It is a remastered Ubuntu distribution with pre-installed honeypot applications and malware analysis tools created by John Moore.
I’ve just completed a new Nepenthes installation, and found the process far simpler than my first attempt as I didn’t compile from source.
Following on from the move from Nepenthes to Dionaea, I’m decomissioning my Nepenthes server to start afresh with Dionaea. As such I thought I’d share the final statistics using InfoSanity’s statistic script for Nepenthes.
The latest post (dated October 27th 2009) on the Nepenthes site indicates that development on Nepenthes is coming to a close, stating 7 reasons preventing newer features being implemented with Nepenthes. As a result I’m stopping development on my statistics scripts for parsing the Nepenthes’ log files. The good news is that work on Nepenthes’ spiritual successor is well underway, in the form of Dionaea.
Zero Wine is: an open source (GPL v2) research project to dynamically analyze the behavior of malware. Zero wine just runs the malware using WINE in a safe virtual sandbox (in an isolated environment) collecting information about the APIs called by the program. The output generated by wine (using the debug environment variable WINEDEBUG) are […]
I jumped the gun slightly when I said previously that there was no recording of my talk, the camera managed to catch the first 2+ minutes of the presentation. Just enough time for a brief overview of the intention behind honeypot systems. Direct Link. The rest of the Super Mondays event was recorded more successfully. […]
I had a really enjoyable night at last night’s SuperMondays event. Some of the innovative uses for technology on display from Newcastle University provided a great glimpse of where we could be heading in the future towards ubiquitous computing. Of special interest were the research being undertaken with surface computing, which seems to have taken […]
Having recently been left with several hours to kill with nothing but a laptop and my virtual lab I thought I’d try my hand at some rudimentary malware analysis. For a random live sample I selected the most recent submission to my Nepenthes Server. $ tail -n1 /opt/nepenthes/var/log/logged_submissions[2009-05-21T19:10:59] 184.108.40.206 -> 220.127.116.11 creceive://18.104.22.168:2526 93715cfc2fbb07c0482c51e02809b937 To start […]
For those that don’t know I’m scheduled to give a presentation at the upcoming Super Mondays meeting next week. The topic of the presentation is malware honeypots, and is based as a follow up to my original Honeypotting with Nepenthes, and I’m hoping to discuss some statistics generated by my submissions2stats.py script from my honeypot […]
Several days of playing working with the raw data and a couple of intermediate scripts (csv & mysql) have paid off. I’m now ready to release the first version of Infosanity‘s Nepenthes log parser. This utility is substantially larger than my previous two releases (although still small) so I’ll not include source code here, head […]