Forensic Challenge 5 – Log Mysteries

September 1st, 2010

The Honeynet Project has recently announced Forensic Challenge 5. This challenge takes you into the world of virtual systems and confusing log data. Figure out what happened to a virtual server using all the logs from a possibly compromised server.


Challenge 5 has been created by Raffael Marty from the Bay Area Chapter, Anton Chuvakin from the Hawaiian Chapter, and Sebastien Tricaud from the French Chapter. It is a bit more open ended than the last challenges.

The questions are more open-ended than in past challenges. To score highly, we recommend answering as follows:

* Accuracy is strongly encouraged if you want the highest score
* You must explain which tools you used and how you used them
* If you use visualization tools such as afterglow, picviz, graphviz, gnuplot etc., explain why this was better (than other tools, than other visualizations), for example a good timeline representation
* Outline HOW you found things

The submission deadline is September 30th and we will be announcing winners around October 21st. We have a few small prizes for the top three submissions.



VoIP Honey, a honeypot for VoIP

June 26th, 2010

The guys at Bytecoders have released VoIP Honey, a comprehensible honeypot for VoIP (Voice over IP) networks. VoIP Honey provides a set of tools for building an entire honeynet, and thus includes a honeywall and a honeypot emulating VoIP environments such as Asterisk PBX or OpenSer with fully configurable connections.


To facilitate the work, VoIP Honey includes a very nice bash-like command line interface based on ncurses, with history and auto-complete features. It also offers comprehensive, well-structured and fully configurable debug information.

As the authors say, the VoIP Honey project is at a very basic, early stage, and it is only recommended for testing in strictly controlled network environments without a direct Internet connection (for example, virtual machines).

Photo by kozumel


Mailing list moved

March 2nd, 2009

We have moved our mail list location to The new address is


New member

March 1st, 2009

We are glad to announce that our group has a new member. He is Pedro Sánchez, a security administrator at “Asociación Técnica de Cajas de Ahorros”.

He has worked in important companies as a security consultant specialized in computer forensics, honeynets, intrusion detection and firewalls. He also holds CISM and CHFI certifications. More details are on the members page.

Welcome aboard, Pedro! :)


HoneySpot: The Wireless Honeypot

January 15th, 2008

HoneySpot: The Wireless Honeypot
Monitoring the Attacker’s Activities in Wireless Networks
A design and architectural overview

We’ve been developing a paper to create awareness and help guide the deployment of wireless honeypots, mainly centered on 802.11 (WiFi) technologies. The paper focuses on providing a design and architectural overview for the deployment of wireless honeypots, coined as HoneySpots.

We’re currently involved in deploying these technologies, capturing attacks and related information, and developing analysis tools, and will publish a future paper with the findings. Meanwhile, we would like to publicly promote the deployment of these technologies by releasing this paper. If you are interested in developing and/or deploying wireless honeynets, contact us at project at (removethis) The Spanish Honeynet Project wants to promote this research area, including multiple wireless technologies, mainly 802.11 and Bluetooth today, with future additions such as WiMAX.