The Honeynet Project
License: GNU General Public License (GPL)
Web Page: http://honeynet.org/gsoc/ideas
Mailing List: https://public.honeynet.org/mailman/listinfo/gsoc
Founded in 1999, The Honeynet Project is an international, non-profit (501c3) research organization dedicated to improving the security of the Internet at no cost to the public.
For over 15 years, everything we have done and continue to do is based on the principles of opensource and volunteer efforts. Our bylaws specifically state that any software or papers developed and published by the organization must be licensed as open source and made freely available to the community.
Our goal is to help coordinate the development, deployment, advancement and research findings of honeypot related technologies. With over forty five international chapters, three hundred and fifty members and thirty open source research projects around around the world, we are a mature, highly diverse and international organization.
Simply put, our goal is to make a difference. We accomplish this goal in the following three ways:
Awareness We raise awareness of the threats and vulnerabilities that exist in the Internet today. Many individuals and organizations do not realize they are a target, nor understand who is attacking them, how, or why. We provide this information so people can better understand they are a target, and understand the basic measures they can take to mitigate these threats. This information is provided through our Know Your Enemy series of papers.
Information For those who are already aware and concerned, we provide details to better secure and defend your resources. Historically, information about attackers has been limited to the tools they use. We provide critical additional information, such as their motives in attacking, how they communicate, when they attack systems and their actions after compromising a system. We provide this service through our Know Your Enemy whitepapers and our periodic Scan of the Month challenges.
Tools For organizations interested in continuing their own research about cyber threats, we provide the tools and techniques we have developed. We provide these through our Tools Site.
Learn more at http://www.honeynet.org.
Google Summer of Code 2015
This year in Google Summer of Code we have a wide range of project ideas and we are also interested in your ideas that advance the community knowledge into new areas. Our projects and skill sets cover a wide range of programming languages (C, C++, python, PHP, perl, java, javascript, Processing, etc), database/SQL, IP networking, kernel and device driver development, UI and web interface development, databases, intrusion detection systems (IDS), proxies, data visualization, etc. Project idea difficulty can range from fairly challenging, low level root kit / kernel / hypervizor modification type projects that are likely to appeal to pretty confident programmers, through to less code intensive but equally interesting data analysis and data presentation projects building effective user interfaces. We are always interested in discussing students own project ideas and actively aim to mentor high quality student ideas too.
If you want to find out more, take a look at our project ideas web page, subscribe to our blog and public GSoC questions mailing list, then come and say hello on the #gsoc-honeynet IRC channel on irc.freenode.net (you can connect via webchat if you are behind a firewall or don't have a command line client too). There should be a mix of organisational admins, project mentors, past successful GSoC students, general Honeynet Project members and prospective students, so please don’t be nervous - feel free to ask questions and we will always try and get back to you (although you may need to idle for a few hours like we do, since sometimes we have to sleep too!). If you are new to IRC, try reading an online primer. But don't be worried, we'll be happy to help you get up to speed. We are looking forwards to hearing from you and hopefully collaborating on something awesome together this summer.
Projects
- Adding a scoring system in peepdf Currently, it is possible to identify the suspicious elements in a PDF file because they are shown in a different color (yellow). While it helps for experimented analysts or users with some experience with the PDF format and/or threat analysis, it could be difficult to understand for less skilled users. This project focuses to list out the elememts which permit distinguish if a PDF file is malicious or not and create a score out for each of those elements.
- BeDroid - ART runtime intrumentation framework The goal of this project is to build a dynamic malware analysis system on ART, which allows users to monitor the execution of potentially malicious apps. This project guarantee two points: low performance overhead and easily maintainability.My proposal contains two main ideas. One is to use inline functions hook with trampolines to intercept function calls. The other one is build a .so from AOSP code that will be injected inside target application memory to achieve runtime instrumentation.
- Cuckoo Sandbox Idea #2: Support for Mac OS binaries In the last few years Macs became way more popular among many group of users than they were, and that's cool. But at the same time they became rather easy targets for bad people: more OSX–targeting malware were born, and we have to do something about it. While static analysing is the primary tool for inspecting malware samples, it'd be great to have an ability to just launch a target inside a sandbox and see what it does.
- dpkt 2.0: Python Packet Creation and Parsing Library Dpkt is a Python library which provides a user-friendly interface to create and parse the network packets. The goal of the project is to improve the dpkt library. Firstly more test cases need to be added to expand the test coverage. Secondly we need to update the code to offer Python 3 support. Lastly some pending bugs or issues need to be solved. What’s more, if time permits, we’ll take time and effort to improve the project documentation.
- mitmproxy: WebSocket and HTTP/2 support In its current form, mitmproxy is primarily designed to be an HTTP proxy. We want to add support for these in mitmproxy as well! Implement basic support for the HTTP2 and WebSocket protocols in Python and wire them up to mitmdump. We expect you to learn the HTTP2 and WebSocket protocols during the project, knowing their individual details is not a prerequisite. You should, however, be familiar with HTTP. (adapted from https://honeynet.org/gsoc/ideas#project6)
- Online Android Sandbox with Automatic App Testing This project is to implement an online sandbox for Android apps. A basic scenario is: a user upload an app to our website, we run dynamic analysis of this app on server and dump the report to the user. Additional features include: searching or browsing analysed apps, uploading customised monkeyrunner scripts, etc. This project contains three parts of work including frontend UI design, backend logic design, and automatic testing support for Droidbox.
- Project Rumal The proposed project aims to deliver a skin for thug ie. Rumal which will make it possible to run analysis as well as collaborate on results.The aim of the platform would be not only to be a web GUI but also to act as a social network so that data (willingly shared) from many users can be used to find common patters and allow better collaboration.The portal will use the API exposed by ThugD, and will also benefit from integration with external analysis tools to enrich the data.