Challenge 5 of the Forensic Challenge 2010 - Log Mysteries

Challenge 5 - Log Mysteries - (provided by Raffael Marty from the Bay Area Chapter, Anton Chuvakin from the Hawaiian Chapter, Sebastien Tricaud from the French Chapter) takes you into the world of virtual systems and confusing log data. In this challenge, figure out what happened to a virtual server using all the logs from a possibly compromised server...
Read more:
http://www.honeynet.org/challenges/2010_5_log_mysteries

Challenge 4 of the Forensic Challenge 2010 - VoIP

Challenge 4 - VoIP - (provided by Ben Reardon from the Australian Chapter and Sjur Eivind Usken from the Norwegian Chapter) takes you into the world of voice communications on the Internet. VoIP with SIP is becoming the de facto standard for voice communication on the Internet. As this technology becomes more common, malicious parties have more opportunities and stronger motives to take control of these systems to conduct nefarious activities. This challenge is designed to examine and explore some of the attributes of the SIP and RTP protocols.

Forensic Challenge 2010/2 - browsers under attack - update

Submission deadline has been extended for the second challenge,
please check the main project website for more details.

https://www.honeynet.org/node/523

Monkey-Spider Honeyclient Modifications

I have submitted some modifications to the Monkey-Spider honeyclient in a separate project branch. In particular:

  • Converted stand-alone source files into OO classes/methods: msProcessFolder.py (depends on msExtractArc.py, msScannerClamav.py, msStatsCollector.py)
  • Improved error handling when adding results to the database
  • Added functionality to log all queries sent to the database into separate log files, so that if the database gets corrupted it can be rebuilt by replaying the log
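The query-logging idea in the last bullet, written out as an added example (this is not Monkey-Spider's code; the sqlite3 schema, file names and sample scan results are constructed for the example): every write statement is appended to a journal file and fsynced before it is executed, a failed statement is counted instead of crashing the crawler, and a replay routine rebuilds the database from the journal when the original file is lost or corrupted.

```python
import json
import os
import shutil
import sqlite3
import tempfile


class JournaledDB:
    """sqlite3 wrapper that records every write statement in a journal file
    *before* running it (write-ahead), so the database can be rebuilt by replay.
    Only JSON-serialisable parameters (str/int/float/None) are supported."""

    def __init__(self, db_path, journal_path):
        self.conn = sqlite3.connect(db_path)
        self.journal = open(journal_path, "a", encoding="utf-8")
        self.failed = 0  # statements that raised sqlite3.Error at run time

    def execute(self, sql, params=()):
        # Journal first, force it to disk, then execute: a crash between the
        # two steps leaves at most one extra statement to re-check on replay.
        self.journal.write(json.dumps({"sql": sql, "params": list(params)}) + "\n")
        self.journal.flush()
        os.fsync(self.journal.fileno())
        try:
            self.conn.execute(sql, params)
            self.conn.commit()
            return True
        except sqlite3.Error:
            # Improved error handling: roll back, count, keep crawling.
            self.conn.rollback()
            self.failed += 1
            return False

    def close(self):
        self.journal.close()
        self.conn.close()


def replay_journal(journal_path, db_path):
    """Rebuild a database from the journal. Returns (applied, skipped); a
    statement that fails again on replay (e.g. a duplicate key) is skipped."""
    conn = sqlite3.connect(db_path)
    applied = skipped = 0
    with open(journal_path, encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if not line:
                continue
            rec = json.loads(line)
            try:
                conn.execute(rec["sql"], rec["params"])
                applied += 1
            except sqlite3.Error:
                skipped += 1
    conn.commit()
    conn.close()
    return applied, skipped


def demo():
    """Constructed scenario: store scanner verdicts, delete the database to
    simulate corruption, rebuild it from the journal and read it back."""
    workdir = tempfile.mkdtemp()
    db = os.path.join(workdir, "spider.db")
    journal = os.path.join(workdir, "spider-queries.log")
    jdb = JournaledDB(db, journal)
    jdb.execute("CREATE TABLE results (url TEXT PRIMARY KEY, scanner TEXT, verdict TEXT)")
    sample = [  # constructed sample results, the third one violates the PRIMARY KEY
        ("http://example.invalid/a.exe", "clamav", "FOUND"),
        ("http://example.invalid/b.html", "clamav", "OK"),
        ("http://example.invalid/a.exe", "clamav", "FOUND"),
    ]
    for row in sample:
        jdb.execute("INSERT INTO results VALUES (?, ?, ?)", row)
    failed_live = jdb.failed
    jdb.close()

    os.remove(db)  # "corruption": the database is gone, the journal is not
    applied, skipped = replay_journal(journal, db)
    conn = sqlite3.connect(db)
    rows = conn.execute("SELECT url, verdict FROM results ORDER BY url").fetchall()
    conn.close()
    shutil.rmtree(workdir)
    return {"failed_live": failed_live, "applied": applied, "skipped": skipped, "rows": rows}


if __name__ == "__main__":
    print(demo())
```

Journaling before executing is what makes the log a recovery source rather than an audit trail; the cost is one fsync per statement, which for a crawler inserting one row per scanned file is acceptable.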

Honeynet Project Forensic Challenge is Back!

We are glad to announce that the Honeynet Project Forensic Challenges are back! The first challenge will be up on Jan 18th and the winners will be announced by Feb 18th 2010. The top three submissions will receive great prizes, so get your tools ready and have fun! Please see the honeynet.org blog post for more details.

TASK Toronto

Last year we presented the Honeynet Project at the Toronto TASK meeting. This year Serge will talk about the project. His presentation will introduce the Honeynet Project, its research objectives, and the main technologies used. In addition, he will cover the current interests of the Canadian Chapter, future projects and contributing opportunities.

A quick look at Induc Virus

A new virus that infects the Borland Delphi compiler, Induc, was discovered about a week ago. Luckily, while crawling the Internet looking for malware, we found a copy of it only two days after it was discovered.

The source IP address of the URI was in China, and the program itself is also in Chinese. We performed a quick behavioural and static analysis using Norman Sandbox and VirusTotal respectively. Below are the results.

Norman Sandbox:
[ DetectionInfo ]

Question poll summary - "Which protocol does DNS use?"

We received 19 replies to the last question poll: "Which protocol does DNS use?". This post summarizes the results and explains possible confusion about the DNS (Domain Name System) protocol.

The Domain Name System resolves domain names that are easy for humans to read (honeynetproject.ca) into IP addresses (192.168.0.1), the form computers actually route on.

The majority of answers (79%) were correct: DNS uses both UDP and TCP. Ordinary lookups go over UDP port 53; TCP port 53 carries zone transfers (AXFR) and retries of replies the server marked as truncated (TC bit set) because they did not fit in the UDP payload.
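The UDP/TCP split above, as an added example that is not part of the original post: it builds a real DNS query from scratch, parses the header flags a client must look at, and shows the decision rule (retry over TCP when TC=1, AXFR always over TCP) together with the 2-byte length framing that distinguishes DNS-over-TCP from DNS-over-UDP. The server replies are constructed in `make_response` so the code runs offline; no packet is sent.

```python
import struct

QTYPE_A = 1
QTYPE_AXFR = 252
FLAG_QR = 0x8000  # response
FLAG_TC = 0x0200  # truncated
FLAG_RD = 0x0100  # recursion desired
FLAG_RA = 0x0080  # recursion available


def encode_name(name):
    """Encode a domain name as DNS labels: length byte + label, terminated by 0x00."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("DNS labels must be 1..63 bytes: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype=QTYPE_A, txid=0x1234):
    """Standard recursive query: 12-byte header, one question (class IN), nothing else."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_header(msg):
    """Decode the header fields a client needs before deciding what to do with a reply."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & FLAG_QR),
        "tc": bool(flags & FLAG_TC),
        "rcode": flags & 0x000F,
        "qdcount": qd,
        "ancount": an,
    }


def make_response(query, truncated):
    """Constructed sample reply (not from a real server): echo the id and question,
    set QR|RD|RA; with truncated=True set TC and carry no answers, the way a
    server signals that the full reply exceeded the UDP payload limit."""
    txid = struct.unpack("!H", query[:2])[0]
    flags = FLAG_QR | FLAG_RD | FLAG_RA | (FLAG_TC if truncated else 0)
    ancount = 0 if truncated else 1
    header = struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0)
    question = query[12:]
    answer = b""
    if not truncated:
        # name pointer to offset 12, type A, class IN, TTL 300, rdlength 4, 192.168.0.1
        answer = struct.pack("!HHHIH", 0xC00C, QTYPE_A, 1, 300, 4) + bytes([192, 168, 0, 1])
    return header + question + answer


def transport_for_query(qtype):
    """Zone transfers are TCP-only; everything else starts on UDP."""
    return "tcp" if qtype == QTYPE_AXFR else "udp"


def next_step(udp_reply, query):
    """Client rule after a UDP reply: drop id mismatches and non-responses,
    retry over TCP when TC=1, otherwise accept."""
    hdr = parse_header(udp_reply)
    if hdr["id"] != parse_header(query)["id"] or not hdr["qr"]:
        return "discard"
    return "retry-over-tcp" if hdr["tc"] else "accept"


def frame_for_tcp(msg):
    """DNS over TCP prefixes each message with a 2-byte big-endian length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg


def unframe_tcp(stream):
    """Split a TCP byte stream back into DNS messages; several may share one connection."""
    msgs, off = [], 0
    while off + 2 <= len(stream):
        (length,) = struct.unpack("!H", stream[off:off + 2])
        if off + 2 + length > len(stream):
            break  # incomplete message, wait for more bytes
        msgs.append(stream[off + 2:off + 2 + length])
        off += 2 + length
    return msgs


if __name__ == "__main__":
    q = build_query("honeynetproject.ca")
    print(next_step(make_response(q, truncated=True), q))   # retry-over-tcp
    print(next_step(make_response(q, truncated=False), q))  # accept
```

The id check in `next_step` is the minimum a resolver does before trusting a UDP reply; the length prefix in `frame_for_tcp` is why a packet capture of DNS over TCP starts two bytes before the header you would expect from the UDP layout.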

AJAX google search from python

There are many sources one can use to build seed lists for web crawling:

  • Typosquatted domain names
  • Web search engines
  • Blacklists
  • Spam emails
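The first item in the list, as an added example that is not part of the original post: generating typosquat candidates for a domain you want to watch, which can then be fed to the crawler as seeds. The generators (omission, transposition, repeated key, adjacent key on a US QWERTY layout, vowel swap, hyphenation) are the usual ones; the adjacency map is constructed here and covers letters only, and the input is assumed to be a single label plus TLD such as honeynet.org.

```python
# Letters physically adjacent on a US QWERTY keyboard; constructed for this
# example, a fuller map would also cover digits and punctuation.
QWERTY_NEIGHBOURS = {
    "q": "wa", "w": "qeas", "e": "wrsd", "r": "etdf", "t": "ryfg", "y": "tugh",
    "u": "yihj", "i": "uojk", "o": "ipkl", "p": "ol",
    "a": "qwsz", "s": "awedxz", "d": "serfcx", "f": "drtgvc", "g": "ftyhbv",
    "h": "gyujnb", "j": "huikmn", "k": "jiolm", "l": "kop",
    "z": "asx", "x": "zsdc", "c": "xdfv", "v": "cfgb", "b": "vghn", "n": "bhjm", "m": "njk",
}
VOWELS = "aeiou"


def omissions(label):
    """Drop one character: honeynet -> hoeynet."""
    return {label[:i] + label[i + 1:] for i in range(len(label))}


def transpositions(label):
    """Swap two adjacent characters: honeynet -> ohneynet."""
    return {label[:i] + label[i + 1] + label[i] + label[i + 2:] for i in range(len(label) - 1)}


def repetitions(label):
    """Double one character: honeynet -> honeynnet."""
    return {label[:i + 1] + label[i] + label[i + 1:] for i in range(len(label))}


def adjacent_keys(label):
    """Replace one character with a keyboard neighbour: honeynet -> hobeynet."""
    out = set()
    for i, ch in enumerate(label):
        for nb in QWERTY_NEIGHBOURS.get(ch, ""):
            out.add(label[:i] + nb + label[i + 1:])
    return out


def vowel_swaps(label):
    """Replace one vowel with another: honeynet -> haneynet."""
    out = set()
    for i, ch in enumerate(label):
        if ch in VOWELS:
            for v in VOWELS:
                if v != ch:
                    out.add(label[:i] + v + label[i + 1:])
    return out


def hyphenations(label):
    """Insert a hyphen: honeynet -> honey-net."""
    return {label[:i] + "-" + label[i:] for i in range(1, len(label))}


GENERATORS = (omissions, transpositions, repetitions, adjacent_keys, vowel_swaps, hyphenations)


def typosquat_candidates(domain):
    """Return sorted candidate domains for 'label.tld', excluding the original
    and any variant that is not a valid hostname label."""
    label, _, tld = domain.lower().partition(".")
    cands = set()
    for gen in GENERATORS:
        cands |= gen(label)
    cands.discard(label)
    valid = {c for c in cands if c and not c.startswith("-") and not c.endswith("-")}
    return sorted(v + "." + tld for v in valid)


if __name__ == "__main__":
    for cand in typosquat_candidates("honeynet.org")[:10]:
        print(cand)
```

Candidates are only seeds: whether a variant is registered, and whether it serves anything hostile, is what the crawler and the scanner behind it have to establish.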

Welcome

The Canadian Honeynet Project, a chapter of the Honeynet Project, aims to contribute to security research by means of honeynet technologies, developing tools and deploying connected honeynets.

Its primary objectives are to gain insight into security threats and vulnerabilities, investigate the tactics and practices of the hacker community, and share the lessons learned with the IT community and appropriate forums in academia and law enforcement in Canada.
