Monday, April 27, 2009

Book : Virtual Honeypots

It was such a lucky moment that I found this book on my library rack. My first reaction was "OH MY GOSH! How come I never saw this here before!". My next reaction was to grab the book and run to the borrowing machine. Too bad this book appeared during my final exam time. It was so tempting, woot!

This book is entitled Virtual Honeypots: From Botnet Tracking to Intrusion Detection, by Niels Provos and Thorsten Holz.


I love chapter 12, which is about CWSandbox. I just realised that CW is the author's name, Carsten Willems, as this is part of his thesis and Ph.D. studies.

CWSandbox is a behaviour-based dynamic malware analysis tool. After submitting a sample to http://www.cwsandbox.org, we receive the analysis report a short while later. These reports are in XML format.

It involves:

1. API hooking, which redirects execution back to the original path once the monitoring step has run.

2. Code injection, which copies the hook functions into the target application's address space so that they can be called from within the target.
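As an added illustration of the first point (example code written for this post, not from the book or from CWSandbox), here is a simplified import-table hook in plain C: the "sample" calls its APIs through a table of function pointers, and the monitor swaps each entry for a hook that logs the call and then forwards to the saved original. The API names, arguments and log format are constructed stand-ins.

```c
#include <stdio.h>
#include <string.h>

typedef int (*api_fn)(const char *arg);

/* Stand-ins for two OS APIs the target program imports (hypothetical). */
static int real_create_file(const char *path) { return (int)strlen(path); }
static int real_connect(const char *host) { (void)host; return 1; }

/* The target's import table: as with an IAT, every API call goes through it. */
enum { API_CREATE_FILE, API_CONNECT, API_COUNT };
static api_fn import_table[API_COUNT] = { real_create_file, real_connect };

/* Monitor state: saved originals plus an in-memory behaviour log. */
static api_fn original[API_COUNT];
static char behaviour_log[512];
static int log_len;

static void record(const char *api, const char *arg) {
    log_len += snprintf(behaviour_log + log_len, sizeof behaviour_log - log_len,
                        "%s(%s);", api, arg);
}

/* Hook functions: log the call, then redirect to the original so the
 * sample gets the real result and keeps running unaware of the monitor. */
static int hook_create_file(const char *path) {
    record("CreateFile", path);
    return original[API_CREATE_FILE](path);
}
static int hook_connect(const char *host) {
    record("connect", host);
    return original[API_CONNECT](host);
}

/* Install hooks: save each original pointer, then overwrite the table entry. */
void install_hooks(void) {
    for (int i = 0; i < API_COUNT; i++) original[i] = import_table[i];
    import_table[API_CREATE_FILE] = hook_create_file;
    import_table[API_CONNECT] = hook_connect;
    log_len = 0; behaviour_log[0] = '\0';
}

/* The "sample" under analysis; constructed arguments, not real malware. */
int run_sample(void) {
    int a = import_table[API_CREATE_FILE]("C:\\temp\\drop.exe");
    int b = import_table[API_CONNECT]("example.net");
    return a + b;
}

const char *get_log(void) { return behaviour_log; }
```

The sample's return value is the same with or without the hooks installed; only the behaviour log differs, which is the property a sandbox relies on.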

A lot of sandbox examples await: CWSandbox, Norman Sandbox, Truman...

As stated in the Malaysia Honeynet Project's proposed tasks, we wish to set up our own sandbox. I hope to be part of it.


