Dec 20 2013

Vagrant configuration for Dionaea malware honeypot

I am happy to announce another small side-project. This time, I decided to make a Dionaea malware honeypot VM available with one command (no kidding!).

Lately, I have been playing around with Vagrant, which is a fantastic tool to include in your development workflow. Among other things, Vagrant allows you to create virtual machines and provision them using simple shell scripts or configuration management software like Chef, Puppet, etc. You can then package and distribute a VM among your team so everyone starts with the same base (no more worries about missing dependencies, different versions or platforms) or create baselines for various systems in your environment. Read here for more benefits.

In any case, I have created some simple shell scripts to automate the installation, configuration and execution of Dionaea. These three are included in a so-called Vagrantfile (Vagrant’s configuration file) which is applied to a VM upon launch. To use it, first install VirtualBox and Vagrant itself for your OS version.

The files are located in a GitHub repo here:

So, you can now have a working Dionaea VM up and running in minutes by simply issuing:

git clone && cd dionaea-vagrant
vagrant up

This will download a virtual disk (only the first time), create a new Ubuntu 12.04 LTS VM on the fly and start it, install Dionaea and all of its dependencies, and run it as a daemon along with p0f. And that’s it!

You can then log in to the machine by typing “vagrant ssh” or by using an SSH client (e.g. PuTTY) to connect to localhost:2222 (username: vagrant, password: vagrant). Once inside the VM, type “ifconfig” to find out the IP address assigned to the bridged adapter (eth1), which you can use to forward ports from your home router back to the VM. For a list of ports used by Dionaea, type “sudo netstat -antp | grep dionaea”.

If you want to stop the machine, type “vagrant halt” (on the outer terminal, not inside the machine). Every time you want to start the honeypot VM, a simple “vagrant up” issued inside the dionaea-vagrant directory is enough! (hint: see the list of CLI commands for more)

Enjoy and if you have any feedback let me know!

PS. If you want to refer to this project you can use this dedicated page (will be updated soon):

Dec 06 2013

To Kill a Centrifuge (Stuxnet Analysis)

Researcher Ralph Langner’s report on Stuxnet is a very informative and interesting document. Ralph has previously spoken about Stuxnet at TED as well.


Case Study: 10 Steps to Agile Development without Compromising Enterprise Security


BlackHat USA 2012 – Owning Bad Guys (and Mafia) with Javascript Botnets


Christiaan008: The Honey project and CIC News Engine

Oct 07 2013

Kippo-Graph: version 0.9 is out!

This is yet another release of Kippo-Graph, reaching version 0.9!

In this version there is a new Spanish translation added, and with great pleasure I can also announce the first code contribution (Kippo-Graph is open source after all!) by “Kevin the Hermit”, who added CSV exporting capabilities for all the data. You will find a link to export to CSV next to every chart/table.

You can download the new version from here: kippo-graph-0.9, or preferably clone/pull from Kippo-Graph’s git repository hosted on GitHub:

As always, here are the checksums for the tar file:

MD5 Checksum: 8C499EECE8450862B6FBF3F3AED301A6
SHA-1 Checksum: 3C17D14ADB78C22BF8986C52AF03D6B2CF4187AF


Version 0.9:
+ Added CSV export capabilities.
+ Added Spanish language support.

For comments, suggestions, fixes, please use the Kippo-Graph page:


DEFCON 19: Three Generations of DoS Attacks (with Audience Participation, as Victims)
