Research
SSH-Pot
The SSH honeypot is based on a modified version of OpenSSH which provides us with full logging of usernames and passwords. All data is inserted into a MySQL database, and we’ve got a simple web interface for presenting statistics on the collected data. We’ve got almost 400 days’ worth of SSH brute-forcing data.
Sandbox-Parser
Malware programs collected by our honeynet are automatically sent for analysis in a controlled environment, called a sandbox. On our sandbox page you can view reports, analysis and statistics of collected malware from our honeynet. The sandbox processing system is currently offline.
Time-to-Exploit
When a security vulnerability is made official, it is usually just a matter of time until someone writes an exploit for it. Our “time to exploit” project automatically correlated exploits published by K-OTik/FrSIRT with vulnerability information stored in NIST’s National Vulnerability Database (NVD) to get a statistical estimate of the average time it takes before an exploit is made available. Unfortunately, a few days after we deployed our T2E system, K-OTik/FrSIRT went commercial and closed down access to their exploits. Therefore this system is no longer active.
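The correlation described above, as an added example that is not the project's own code: exploit records are joined to NVD publication dates by CVE identifier, and the delay to the first exploit is summarized. The record layout, function names and placeholder CVE identifiers are assumptions, and all sample data is constructed.

```python
from datetime import date
from statistics import mean, median

# Constructed sample data; the identifiers are placeholders, not real CVEs.
NVD_PUBLISHED = {
    "CVE-0000-0001": date(2006, 1, 10),
    "CVE-0000-0002": date(2006, 2, 1),
    "CVE-0000-0003": date(2006, 3, 15),   # never gets an exploit in this sample
}
# (exploit name, referenced CVE or None, exploit publication date)
EXPLOITS = [
    ("exploit-a", "CVE-0000-0001", date(2006, 1, 20)),
    ("exploit-b", "CVE-0000-0001", date(2006, 2, 5)),   # later exploit, same CVE
    ("exploit-c", "CVE-0000-0002", date(2006, 1, 29)),  # public before the NVD entry
    ("exploit-d", None, date(2006, 4, 1)),              # carries no CVE reference
    ("exploit-e", "CVE-0000-0009", date(2006, 4, 2)),   # CVE absent from the NVD sample
]

def time_to_exploit(nvd, exploits):
    """Return ({cve: days from NVD entry to first exploit}, [unmatched names])."""
    first_seen, unmatched = {}, []
    for name, cve, published in exploits:
        if cve not in nvd:
            # Cannot be correlated; keep it visible instead of dropping it silently.
            unmatched.append(name)
            continue
        # Only the earliest exploit per vulnerability counts toward the delay.
        if cve not in first_seen or published < first_seen[cve]:
            first_seen[cve] = published
    deltas = {cve: (d - nvd[cve]).days for cve, d in first_seen.items()}
    return deltas, unmatched

def summarize(deltas):
    """Aggregate per-CVE delays; a negative delay means the exploit came first."""
    days = list(deltas.values())
    if not days:
        return None
    return {
        "n": len(days),
        "mean": mean(days),
        "median": median(days),
        "before_nvd_entry": sum(1 for d in days if d < 0),
    }

if __name__ == "__main__":
    deltas, unmatched = time_to_exploit(NVD_PUBLISHED, EXPLOITS)
    print(deltas, unmatched, summarize(deltas))
```

Vulnerabilities with no matching exploit are left out of the average, so the result estimates the delay only for vulnerabilities that were exploited at all.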
