The Honeynet Project

Hi all:
       I have finished almost all the coding stuff of Project #1, now you can try out the new PHoneyC with shellcode/heapspray detection here:
 
http://code.google.com/p/phoneyc/source/browse/phoneyc#phoneyc/branches/phoneyc-honeyjs
 
        Please feel free to report any bug or suggestion on shellcode/heapspray detection to me.

As the console spy is almost finished, the next stage is mainly for network activities. Sebek Win32 version uses TDI hook to get this done. However, since getting driver object in virtualization layer is hard and TDI is TDI is on the path to deprecation, I need to find another way. The best solution seems to be hooking NtDeviceIoControlFile, the API Windows uses to do network related stuff and has been widely mentioned in malware behavior analysis papers. After some days of searching, I encounter a very useful resources today, a master thesis from TTAnalyze team:
 

The Honeynet Project Chinese Chapter Status Report (Period Apr 2007 to Dec 2008)

ORGANIZATION

1. Changes in the structure of your organization.
All members of Chinese Chapter (i.e. The Artemis Project) are still from ERCIS, Institute of Computer Science and Technology, Peking University, China. Although we are seaking for contributors from other organizations.

Founded in 1999, The Honeynet Project is an international, non-profit (501c3) research organization dedicated to improving the security of the Internet at no cost to the public. With Chapters around the world, our volunteers are firmly committed to the ideals of OpenSource. Our goal, simply put, is to make a difference. We accomplish this goal in the following three ways.