Author Topic: PhoneyC: A virtual client honeypot  (Read 4126 times)

0 Members and 1 Guest are viewing this topic.

February 09, 2011, 03:58:37 pm
Read 4126 times


  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
PhoneyC is a virtual client honeypot, meaning it is not a real application but rather an emulated client. By using dynamic analysis, PhoneyC is able to remove the obfuscation from many malicious pages. Furthermore, PhoneyC emulates specific vulnerabilities to pinpoint the attack vector. PhoneyC is a modular framework that enables the study of malicious HTTP pages and understands modern vulnerabilities and attacker techniques.

v0.1 feature highlights include:

* Interpretation of useful HTML tags for remote links
- hrefs, imgs, etc ...
- iframes, frames, etc
* Interpretation of scripting languages
- javascript (through spidermonkey)
- supports deobfuscation, remote script sources
* ActiveX vulnerability "modules" for exploit detection
* Shellcode detection and analysis (through libemu)
* Heap spray detection
Ruining the bad guy's day