I jumped the gun slightly when I said previously that there was no recording of my talk, the camera managed to catch the first 2+ minutes of the presentation. Just enough time for a brief overview of the intention behind honeypot systems. Direct Link. The rest of the Super Mondays event was recorded more successfully. […]
Monthly archives: May 2009
May SuperMondays Presentation: The Aftermath
I had a really enjoyable night at last night’s SuperMondays event. Some of the innovative uses for technology on display from Newcastle University provided a great glimpse of where we could be heading in the future towards ubiquitous computing. Of special interest was the research being undertaken with surface computing, which seems to have taken […]
Cheat Sheets
OK, so we’d all like to be 1337 and know everything without missing a beat, but for mere mortals like myself I find that impossible so I’m a fan of the various cheat sheets that people and organisations put out for succinct, to the point memory joggers.
Random Malware Analysis
Having recently been left with several hours to kill with nothing but a laptop and my virtual lab I thought I’d try my hand at some rudimentary malware analysis. For a random live sample I selected the most recent submission to my Nepenthes server.
$ tail -n1 /opt/nepenthes/var/log/logged_submissions
[2009-05-21T19:10:59] 90.130.169.175 -> 195.97.252.143 creceive://90.130.169.175:2526 93715cfc2fbb07c0482c51e02809b937
To start […]
May SuperMondays (on a Tuesday)
For those that don’t know, I’m scheduled to give a presentation at the upcoming Super Mondays meeting next week. The topic of the presentation is malware honeypots, and it is a follow-up to my original Honeypotting with Nepenthes. I’m hoping to discuss some statistics generated by my submissions2stats.py script from my honeypot […]
Phorm e-Petition Response
Quick heads up to anyone following the Phorm/privacy debates: the government’s response to an e-petition asking the government to stop ISPs from breaching privacy laws has been released. The full response can be read here; it’s fairly short so I won’t go into too much detail, but I’m glad to see the government is […]
submissions2stats.py
Several days of working with the raw data and a couple of intermediate scripts (csv & mysql) have paid off. I’m now ready to release the first version of Infosanity’s Nepenthes log parser. This utility is substantially larger than my previous two releases (although still small) so I’ll not include source code here, head […]
submissions2mysql.py
Utility script in a similar vein to submissions2csv.py: the script reads Nepenthes’ logged_submissions file from stdin and dumps the information into a MySQL database table. Initially this serves the same purpose as its CSV counterpart, importing the data into a system with powerful search and filter functionality. However, this may be useful if wanting to work […]
submissions2csv.py
Whenever I’m analysing large amounts of data I prefer to start the analysis within a spreadsheet, as I find the built-in capabilities invaluable for some quick and dirty data diving. This typically allows for a good overall understanding of the data set and available statistics without spending time coding before the required statistics are […]