Dear honeypot enthusiasts, a quick note: I made some last minute changes to v1.2 of Kippo-Graph and recreated the archive. Please pull master or re-download the file (the checksums have also changed). Thanks for your support!
Jul 17 2014
Kippo-Graph 1.2 released!
This is the release of another version of Kippo-Graph, reaching version 1.2!
Kippo-Graph 1.2 is mostly a maintenance release, but I’ve also fixed and added more features so updating is strongly recommended!
The most significant change concerns the virus scanning of attackers’ downloaded files. Unfortunately, NoVirusThanks have stopped offering their service due to costs of maintenance, but I switched to Gary’s Hood Online Virus Scanner so it should be working again! I have actually added a new module called “Kippo-Scanner” which will serve as the basis for future functionality on AV and anti-malware submissions.
A new language, Czech, has been added and lastly, Kippo-Graph now ships with a “config.php.dist” file that you should copy as “config.php”.
Download: kippo-graph-1.2 or clone/pull from GitHub: https://github.com/ikoniaris/kippo-graph
MD5 Checksum: 71BC1E8CA7886FF130AC2D5071A7FF06
SHA-1 Checksum: 4D3D968AC42F3E0141DA3DAF44165FD6A5E7D923
CHANGES:
Version 1.2:
+ Substituted the defunct NoVirusThanks with Gary’s Hood Online Virus Scanner.
+ Added Kippo-Scanner module to handle (future) AV and anti-malware submissions.
+ Added IP-address.com’s tracer to Kippo-Geo IPs.
+ Added Czech language support.
+ Added robots.txt file to disallow crawling by bots.
+ Added .gitgnore to exclude config.php file from VCS.
For comments, suggestions, fixes, please use the Kippo-Graph page: http://bruteforce.gr/kippo-graph
Jul 15 2014
Honeypots workshop at BSidesLV 2014!
I am very happy to announce that a honeypots workshop will take place during BSides Las Vegas this year! BSides is a fantastic community driven InfoSec convention and Las Vegas is the best place to be in August!
The workshop is titled “You Hack, We Capture: Attack Analysis with Honeypots“, lasts half a day (4 hours) and will be presented by me.
It takes place on Wednesday the 6th of August, from 10AM to 1PM.
Spots are numbered and limited to 28 participants! If you want to reserve a seat, you can do so via this Eventbright page: https://www.eventbrite.com/e/bsides-lv-2014-workshops-tickets-12279453175 (it’s 4th on the list)
Here is the workshop’s description:
Honeypots are systems aimed at deceiving malicious users or software that launch attacks against the infrastructure of various organizations. They can be deployed as protection mechanisms for an organization’s real systems, or as research units to analyze the methods employed by human hackers or malware. In this workshop we will study the operation of two research honeypots. A honeypot system will undertake the role of a web trap for attackers who target the SSH service. Another one will undertake the role of a malware collector, usually deployed by malware analysts to gather and store malicious binary samples. We will also talk about post-capturing activities and further analysis techniques. Furthermore, visualization tools and techniques will be presented, plus a honeypot bundle Linux distribution that contains pre-configured versions of the above tools and much more related utilities, which can make the deployment of honeypots an easy task.
Hope to see you all in Vegas!
Jul 13 2014
Dionaea-Vagrant demo
Dionaea-Vagrant demonstration: setting up a Dionaea malware honeypot in under 8 minutes with a single (almost) command!
An (old) interesting paper by Vesselin Bontchev: The Bulgarian and Soviet Virus Factories
Abstract: It is now well known that Bulgaria is leader in computer virus production and the USSR is following closely. This paper tries to answer the main questions: Who makes viruses there, What viruses are made, and Why this is done. It also underlines the impact of this process on the West, as well as on the national software industry.
Posted on:
June 28, 2014
Jun 25 2014
Kippo-Graph 1.1 released!
This is the release of another version of Kippo-Graph, reaching version 1.1!
It wasn’t a long time ago that I deemed Kippo-Graph as “complete”. Turns out that Markus didn’t share the same view and so he decided to do something about it.
Kippo-Graph 1.1 comes with added information about each session playing in Kippo-Playlog.
Information includes: list of downloaded files during the session with links (as in Kippo-Input), dig and host output and GeoLocation data with GoogleMaps.
Download: kippo-graph-1.1 or clone/pull from GitHub: https://github.com/ikoniaris/kippo-graph
MD5 Checksum: BCD4173AD8F5028DAC16125AF913BC64
SHA-1 Checksum: 1CC3A42ED2765DD19311F25BE17ACCF88890FF94
CHANGES:
Version 1.1:
+ Added downloads, dig output and geolocation of current session in Kippo-Playlog.
For comments, suggestions, fixes, please use the Kippo-Graph page: http://bruteforce.gr/kippo-graph