http://chinese.honeynet.org/chapters/china Chinese Chapter(i.e. The Artemis Project) led by Jianwei Zhuge; Research focus: client honeypot, high-interaction honeypot, malware col and analysis en http://chinese.honeynet.org/node/484 <p>Hi all:</p> <p>       I have finished almost all the coding stuff of Project #1, now you can try out the new PHoneyC with shellcode/heapspray detection here:</p> <p> </p> <p><a href="http://code.google.com/p/phoneyc/source/browse/phoneyc#phoneyc/branches/phoneyc-honeyjs">http://code.google.com/p/phoneyc/source/browse/phoneyc#phoneyc/branches/phoneyc-honeyjs</a></p> <p> </p> <p>        Please feel free to report any bug or suggestion on shellcode/heapspray detection to me.</p> <div class="og_rss_groups"><ul class="links"><li class="first last og_links"><a href="/chapters/china" class="og_links">Chinese Chapter</a></li> </ul></div> GSoC Project #1 - Develop and Improve PhoneyC Chinese Chapter gsoc libemu phoneyc shellcode spidermonkey Mon, 10 Aug 2009 15:19:38 -0400 zhijie.chen 484 at http://chinese.honeynet.org http://chinese.honeynet.org/node/471 <p>As the console spy is almost finished, the next stage is mainly for network activities. Sebek Win32 version uses TDI hook to get this done. However, since getting driver object in virtualization layer is hard and TDI is TDI is on the path to deprecation, I need to find another way. The best solution seems to be hooking NtDeviceIoControlFile, the API Windows uses to do network related stuff and has been widely mentioned in malware behavior analysis papers. After some days of searching, I encounter a very useful resources today, a master thesis from TTAnalyze team:</p> <p> </p><div class="og_rss_groups"><ul class="links"><li class="first last og_links"><a href="/chapters/china" class="og_links">Chinese Chapter</a></li> </ul></div> GSoC Project #3 - Qebek: QEMU Based Sebek Chinese Chapter qebek windows socket network Thu, 30 Jul 2009 12:01:41 -0400 chengyu.song 471 at http://chinese.honeynet.org http://chinese.honeynet.org/node/336 <p><strong>The Honeynet Project Chinese Chapter Status Report (Period Apr 2007 to Dec 2008)</strong><br /> <strong></strong><br /> <strong>ORGANIZATION </strong><br /> <strong></strong><br /> 1. Changes in the structure of your organization.<br /> All members of Chinese Chapter (i.e. The Artemis Project) are still from ERCIS, Institute of Computer Science and Technology, Peking University, China. Although we are seaking for contributors from other organizations.</p> <div class="og_rss_groups"><ul class="links"><li class="first last og_links"><a href="/chapters/china" class="og_links">Chinese Chapter</a></li> </ul></div><p><a href="http://chinese.honeynet.org/node/336">read more</a></p> Chinese Chapter Wed, 14 Jan 2009 07:35:49 -0500 jianwei.zhuge 336 at http://chinese.honeynet.org http://chinese.honeynet.org/about <p>Founded in 1999, The Honeynet Project is an international, non-profit (501c3) research organization dedicated to improving the security of the Internet at no cost to the public. With Chapters around the world, our volunteers are firmly committed to the ideals of OpenSource. Our goal, simply put, is to make a difference. We accomplish this goal in the following three ways. <strong></strong></p> <div class="og_rss_groups"><ul class="links"><li class="first last og_links"><a href="/chapters/chicago" class="og_links">Chicago Chapter</a></li> </ul></div><p><a href="http://chinese.honeynet.org/about">read more</a></p> West Point Chapter UNCC Chapter UNAM Chapter UK Chapter Taiwan Chapter Spartan Devils Chapter Spanish Chapter Singapore Chapter Portuguese Chapter Philippines Chapter Pakistan Chapter Orange County Chapter Norwegian Chapter New Zealand Chapter Mexican Chapter Malaysian Chapter Hong Kong Chapter Hawaiin Chapter Global Chapter Giraffe Chapter German Chapter French Chapter Czech Chapter CyberSecurity Malaysia Chapter Chinese Chapter Canadian Chapter Brazilian Chapter Australian Chapter Alaskan Chapter Chicago Chapter Sun, 10 Aug 2008 20:54:48 -0400 drupal 67 at http://chinese.honeynet.org