< Call for Paper: 1st USENIX Workshop on Offensive Technologies (WOOT '07) | Collecting Malware via Botnet Tracking >

Presentation on Client-Side Honeypots

Bing Yuan just finished his thesis on Client-side Honeypots. While the tool itself is still not completely finished, his final presentation is available.

The basic idea of this thesis is to combine a component that drives Internet Explorer or other client-side applications (Word, PowerPoint, Winamp, Photoshop, ...) with CWSandbox. CWSandbox monitors the application in real-time and detects suspicious activities like creation of files, new processes, new registry keys, or similar activities. That way, information about client-side exploits can be captured - something that is not possible with regular, server-based honeypots.
This entry was posted by Thorsten Holz on Thursday, May 3. 2007 at 11:42. and is filed under honeynets. You can leave a response, or trackback from your own blog. All new comments are subject to moderation before being displayed.

Trackbacks

Trackback specific URI for this entry
  1. Week's Links

    Top 10 Configuration Security Vulnerabilities : Part One10 Hot Security StartupsHD DVD Blu-Ray Decryption Key Widely Posted OnlineEndpoint scan - scan the network for USB devices Analysis: Enterprise Key Management Presentation on Client-Side HoneypotsOpe

    Weblog: Alessandro "jekil" Tanasi blog
    Tracked: May 07, 00:59

Comments

Display comments as (Linear | Threaded)

    No comments


Add Comment


Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
E-Mail addresses will not be displayed and will only be used for E-Mail notifications

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA
 
Submitted comments will be subject to moderation before being displayed.