For those that don’t know I’m scheduled to give a presentation at the upcoming Super Mondays meeting next week. The topic of the presentation is malware honeypots, and is based as a follow up to my original Honeypotting with Nepenthes, and I’m hoping to discuss some statistics generated by my submissions2stats.py script from my honeypot […]
Category archives: Honeypot
submissions2stats.py
Several days of playing working with the raw data and a couple of intermediate scripts (csv & mysql) have paid off. I’m now ready to release the first version of Infosanity‘s Nepenthes log parser. This utility is substantially larger than my previous two releases (although still small) so I’ll not include source code here, head […]
submissions2mysql.py
Utility script in a similar vein to submissions2csv.py, the script reads Nepenthes’ logged_submissions file from stdin and dumps the information into a MySQL database table. Initially this serves the same purpose as it’s CSV counterpart, importing the date into system with powerful search and filter functionality. However this may be useful if wanting to work […]
submissions2csv.py
Whenever I’m analysing large amounts of data I prefer to start the analysis within a spreadsheet as I find the built in capabilities invaluable for some quick and dirty data diving. This typically allows for a good overall understanding of the data set and available statistics without spending time coding before the required statistics are […]
Honeypotting with Nepenthes
If you’ve got an interest in information security, then there is a good chance that you’ve got a good handle on malware in all it’s (in)glorious forms. The books, articles and war stories are nice, interesting and can result in some improved knowledge but to get a real feel for malware nothing beats live samples. […]