The Honeynet Project

The Honeynet Project - R&D for Honeypot/Honeynet Technology and InfoSec Research

Technologies
python, c/c++, machine learning, golang, python 3
Topics
sandbox, networking, honeypots, deception, malware

Founded in 1999, The Honeynet Project is an international, non-profit (501c3) research organization dedicated to improving the security of the Internet at no cost to the public.

Our achievements are based on the principles of open source and volunteer efforts, with all software or papers created being licensed as open source and made freely available to the community.

We help coordinate the development, deployment, advancement and research findings of honeypot and anti-malware related technologies. With over 45 international chapters, 350 members and 30 open source research projects around the world, we are a mature, highly diverse and international organization.

Simply put, our goal is to make a difference. We accomplish this via:

Awareness - We raise awareness of the threats and vulnerabilities that exist in the Internet today. Many individuals & organizations do not realize they are a target, nor understand who is attacking them, how, or why. We provide this information, so people can better understand that they are a target, and understand the basic measures they can take to mitigate these threats. This is provided through our Know Your Enemy series of papers.

Tools - For organizations interested in continuing their own research about cyber threats, we provide the tools and techniques we have developed. All tools are specifically licensed open source. Organizations all over the world use our tools.

Information - In addition to raising awareness, we provide details to better secure assets. Historically, information about attackers has been limited to the tools they use. We provide critical additional information, such as their motives in attacking, how they communicate, when they attack systems and their actions after compromising a system. We provide this service through our Know Your Enemy whitepapers and our periodic Scan of the Month challenges.

The Honeynet Project uses GSoC as an incubator for new R&D projects, and to recruit active new members.

2018 Program

Successful Projects

Contributor
Vlad Florea
Mentor
Marcin Szymankiewicz, Adel Karimi
Organization
The Honeynet Project
Honeypot Detection Tool
The goal of this project is to create a tool that can scan a system for features which would let an attacker know prematurely it is a honeypot. This...
Contributor
Viswak Hanumanth G K
Mentor
Evgeniia Tokarchuk, Lukas Rist
Organization
The Honeynet Project
SNARE/TANNER
SNARE is a web application honeypot sensor attracting all sorts of maliciousness from the Internet. The web page is generated by cloning a real web...
Contributor
Pietro Tirenna
Mentor
Aldo Cortesi, Maximilian Hils, Thomas Kriechbaumer
Organization
The Honeynet Project
Google Protocol Buffers Serialization
The basic idea behind the project is to shift mitmproxy serialization process to a new, clean standard format. Using Google Protocol Buffers will...
Contributor
Anant Joshi
Mentor
Hanno Lemoine, Yuanchun Li
Organization
The Honeynet Project
Semi-automated DroidBot: Semi-automated Android UI testing
The solution will consist of an Android app, that will read the input provided by the user, and generate an interaction model, which can be read by...
Contributor
CapacitorSet
Mentor
Remco Verhoef
Organization
The Honeynet Project
Implementing Yara rules in Honeytrap
Yara is a pattern-matching DSL developed to describe malware families; in this project, it is used to describe malicious actors interacting with a...
Contributor
Boddu Manohar Reddy
Mentor
Tamas K Lengyel, Rian Quinn
Organization
The Honeynet Project
LibVMI extensions: Bareflank hypervisor support
A hypervisor (Virtual Machine Monitor) is software that runs one or more virtual machines. Other than virtualization in the cloud, they are also used in...
Contributor
Saumo Pal
Mentor
Hanno Lemoine, Yuanchun Li
Organization
The Honeynet Project
Droidbot with AI
The major task to be tackled in this project is to increase the code coverage using AI. Currently droidbot performs black box testing using the GUI...
Contributor
Stewart Sentanoe
Mentor
Tamas K Lengyel, vpb
Organization
The Honeynet Project
DRAKVUF - Stealthiness Improvement
DRAKVUF (https://drakvuf.com) is an agent-less and virtualization based black-box binary analysis system. It allows users to analyze any binaries and...
Contributor
Lele Ma
Mentor
Steven Maresca, Tamas K Lengyel
Organization
The Honeynet Project
Port LibVMI to Xen MiniOS
In this project, the core functionality of LibVMI will be ported to Xen MiniOS. Once ported, Xen MiniOS will have the basic capabilities of...
Contributor
Ulrich Fourier
Mentor
Sergej Proskurin, Tamas K Lengyel
Organization
The Honeynet Project
#9 - DRAKVUF: Support for Dynamic Malware Analysis on ARM
The relevance of ARM processors is rising. Especially since ARM recently started targeting the server and desktop market, thus going beyond the...
Contributor
Arushit Mudgal
Mentor
Angelo Dell'Aera
Organization
The Honeynet Project
Thug: Python 3 Port and PyV8 Replacement
Thug is a Python low-interaction honeyclient aimed at mimicking the behavior of a web browser in order to detect and emulate malicious contents. This...
Contributor
ctsung
Mentor
Huang Xiao, Bojan Kolosnjaji
Organization
The Honeynet Project
Automated Malware Relationship Mining
Since last year, Holmes-Processing has acquired a large dataset of labeled malware samples, which can be used for deep learning based malware...
Contributor
Mathieu Dolmen
Mentor
Tamas K Lengyel, vpb
Organization
The Honeynet Project
DRAKVUF: Process Injector Enhancement
DRAKVUF allows injecting a binary directly into a running virtual machine. The current implementation uses either CreateProcessA() or ShellExecuteA()...
Contributor
Abhinav Saxena
Mentor
Johnny Vestergaard, /)/)
Organization
The Honeynet Project
#15 - CONPOT: Protocols Wave #2
Conpot is an ICS/SCADA honeypot that supports a number of industrial protocols and environments. For Conpot to emulate industrial devices better,...
Contributor
Harikrishnan R
Mentor
Peng, Yue
Organization
The Honeynet Project
Trusted Execution Environment Based Dynamic Analysis on ARM
The purpose of this project is to construct a monitor (like eBPF in the latest version of the Linux kernel) in the “secure world” which can collect...
Contributor
Roman Samoilenko
Mentor
Aldo Cortesi, Maximilian Hils, Thomas Kriechbaumer
Organization
The Honeynet Project
Mitmproxy improvements
There is one big and very interesting task. I need to implement a DSL for commands. The current implementation of Mitmproxy commands fulfills its duties,...
Contributor
Vakaris
Mentor
Daniel Goldberg, Ofri Ziv
Organization
The Honeynet Project
New exploiters in Infection Monkey
New non-destructive vulnerabilities Oracle WebLogic vulnerability (CVE-2017-10271) and Struts RCE vulnerability (S2-045) will be added to Infection...