« GÉANT: Experiences with IDS and Honeypots

Ανάλυση malware, για όλους! [μέρος 1] »

Jan 16 2013

HoneyDrive 0.2 Nectar edition released!

Hello all :)

Once more, I’m in the happy position to announce a new release for HoneyDrive (Desktop)!
This is version 0.2 aka Nectar edition, which brings more honeypot and malware related tools on the distro.

You can download it from HoneyDrive’s SourceForge page at: http://sourceforge.net/projects/honeydrive/

Changes and additions on this version (in no particular order):

  1. Installed Kippo2Wordlist, a tool to create wordlists based on passwords used by attackers against Kippo SSH honeypot.
  2. Installed DionaeaFR , a visualization tool which was recently presented in a previous post.
  3. Added Kojoney SSH honeypot, patched version (updated scripts, new features, etc).
  4. Added Amun malware honeypot, along with useful scripts.
  5. Added Glastopf web honeypot, along with Wordpot WordPress honeypot.
  6. Installed mwcrawler, a script that parses malicious URL lists and downloads malware files (video).
  7. Added Thug, a honeyclient written in Python aimed at mimicking the behavior of a web browser in order to detect and emulate malicious contents.
  8. Added the following tools: Pipal, John the Ripper, IRCD-Hybrid, Origami, dsniff, hping, Scapy, Tcpreplay, tcptrace, sslstrip, libemu, Adminer.
  9. Added the Open Penetration Testing Bookmarks Collection to Firefox.

For comments, suggestions, fixes, please use the HoneyDrive page: http://bruteforce.gr/honeydrive

  • Black September

    Im mostly used to running High Interaction honeypots, they can be a fantastic source of information, but takes a lot of time configuring, monitoring and also a certain amount of risk. A honeynet of HI honeypots is not something i would recommend to beginners or to people with very little time on their hands.

    I first tested HoneyDrive last year, in the end of november. when BruteForce Labs released the 0.1 version. My first impression of this simple to use and easy to manage distro totally changed my conception about medium and low interaction honeypots (http://bruteforce.gr/honeydrive#comment-2819).

    The 0.1 version did not have any GUI options. This is not something im bothered about, but Ion actually pointed something very important out to me: “Most honeypots are not very easy to setup for the beginner infosec enthusiast or the new sysadmin and many times the process ends in frustration”. Thinking back on my first crash-and-burn-attempts i can only agree.

    The HoneyDrive Santa Edition came out during christmas, this time they added a GUI - yes, you still gonna have to bring out the command line to do certain things, but there is also a myriad of tools that is managed trough an easy to use interface.

    The learning curve for honeypots/honeynets is steep and long for a beginner. What BruteForce Labs have managed to do with the HoneyDrive releases is to make it more comprehensible and less steep for those who willing to learn.

    Honeypots can be both tun and educating, just keep this in mind: you are inviting the attackers into YOUR network, even with medium and low interaction honeypots there is a risk of the attacker breaking out your virtual machine and getting a foothold. Treat the host machine as compromised and keep it segregated from your “real” network.

    1aN0rmus over at TekDefense.com gave a really good and accurate description of the HoneyDrive:
    “As Backtrack is to offense, and The Security Onion is to defense, HoneyDrive is the premiere honeypot distro.”
    (http://www.tekdefense.com/news/2012/12/27/honeydrive-review.html)

    I gave the first release of HoneyDrive 10/10, something i now regret.
    Every new release of HoneyDrive is even better than the last one and i believe BruteForce Labs will keep impressing us in the future. Once again: thanks a million for all the hard work you put down!

    HoneyDrive, you gotta love this!! :D

    • http://bruteforce.gr Ion

      Hello Black September!
      Thanks for taking the time to write this great review!
      And of course thank you for the kind words about HoneyDrive :) I hope it will aid you in your security pursuits.

      FYI, your comment has been turned into a blog post ;)

      Regards,
      Ion.

  • Black September

    Hi Ion!

    I only wanted to keep my promise and tell you what i thought of the newest release. Its the least i can do after all the hard work thats been put into it. Glad the review was appreciated, thanks :)

    • http://bruteforce.gr/ Ion

      Hey I see that you started a blog on your own. Good luck :) Let me know if you write any posts on honeypots so I can share them here as well. Regards.

      • Black September

        Yes, i have. The blog will mainly be about honeypots/honeynets, malware etc.

        Im currently working on a project to create a medium/low interaction honeynet, involving HoneyDrive of coz :), but as im working full time its not moving forward as quickly id like it too.

        If im lucky ill have the honeynet up an running in 1 - 2 weeks, will try to update the blog as it proceeds and will be sure to let you know :)

  • Pingback: HoneyDrive review by a honeypot enthusiast - BruteForce Lab's Blog()

  • Pingback: HoneyDrive 3 Royal Jelly edition - BruteForce Lab's Blog()

More in Blog News, Honeypots, Malware, Virtualization, Visualization
GÉANT: Experiences with IDS and Honeypots
Visualizing Dionaea’s results with DionaeaFR
dork.db for Glastopf web honeypot
Visualizing a cyber attack on a VOIP server
TekTip ep18 - HoneyDrive
Close