PROJECTS & REPORTS


CURRENT & ANNOUNCED PROJECTS

August 03, 2010

Project: NepenthesFE

Project Team:  Harsh Patel

Reviewers: K.K.Mookhey, Wasim Halani

Location: Mumbai

Sponsor: NII Consulting, Mumbai

Download Complete Report

 

 

SUMMARY

Our previous project identified the need for an analysis toolkit for Nepenthes that could automate part of the static analysis of malware captured using the low-interaction honeypot “Nepenthes”. This document is our review of the NepenthesFE tool, which we have upgraded as part of our study into Nepenthes and visualization of honeypot data.

 

 

 

 

October 03, 2009

Project: Honeynet Deployment Delhi Region (NCR)

Project Team: [1] Dharm Dhwaj Singh

                     

Location: NOIDA

Sponsor: Agreeya Solutions, NOIDA

Download Project Announcement

 

 

SUMMARY

The primary objective will be to capture botnet traffic, study its behavior, and analyze the attacks on Linux OS (Fedora) based vulnerabilities that the environment captures.

 

 

 

 

 

Project Reports

 

July 21, 2009

Project: Honeypot and Malware Analysis

Project Team: [1] K.K.Mookhey

                      [2] Wasim Halani

Location: Mumbai

Sponsor: NII Consulting, Mumbai

Download Complete Report

 

 

SUMMARY

The Honeypot and Malware Analysis research project was initiated at NII Consulting. We began the project by surveying a list of honeypot applications for both the MS Windows and Linux platforms. Keeping in mind the resources at hand, we decided to set up the widely popular Nepenthes sensor, which is a low-interaction honeypot, on a Linux box.

The aim of our project is to study the attack vectors used by malware binaries over the internet, especially in India. As an initial setup, we kept the Nepenthes sensor online for a period of two weeks. Nepenthes was configured to integrate with the CWSandbox application for automated malware analysis. The analysis revealed that we had captured an IRC-based bot. We studied the network traffic of the malicious binary to understand the working of an IRC bot. This brief project is an initial step towards advanced malware analysis and honeypot architecture.

 

 

 

Last Update : Aug 30, 2010

 
