Author Topic: PhoneyC: A virtual client honeypot  (Read 2840 times)

February 09, 2011, 03:58:37 pm

SysAdMini

  • Administrator
  • Hero Member

Quote
PhoneyC is a virtual client honeypot, meaning it is not a real application but rather an emulated client. By using dynamic analysis, PhoneyC is able to remove the obfuscation from many malicious pages. Furthermore, PhoneyC emulates specific vulnerabilities to pinpoint the attack vector. PhoneyC is a modular framework that enables the study of malicious HTTP pages and understands modern vulnerabilities and attacker techniques.

Quote
v0.1 feature highlights include:

* Interpretation of useful HTML tags for remote links
  - hrefs, imgs, etc.
  - iframes, frames, etc.
* Interpretation of scripting languages
  - JavaScript (through SpiderMonkey)
  - supports deobfuscation, remote script sources
* ActiveX vulnerability "modules" for exploit detection
* Shellcode detection and analysis (through libemu)
* Heap spray detection

http://code.google.com/p/phoneyc/
Ruining the bad guy's day