Monday, August 12, 2013

Useful Online Information Security Portals

Sandy ( Static & Dynamic Analysis ) : 

         Sandy developed under Indian Honeynet and is capable of doing both static and dynamic analysis of Malicious Office, Jar,HTML files at the moment. 


Two big issues faced by the security industry in general is,
  1. On how to analyze exploits in bulk and extract IP/controller information.
  2. On how to attribute to apt groups to exploits collected.


Sandy Version 1: [Beta testing]

  • Static | Dynamic Analyze Java exploits, Static analysis of Java malwares.
  • Limited support for office file formats.
  • Analysis of url having support for Firefox and IE browsers.
Sandy To do list:
  • Hpfeeds Integration.
  • Improve performace and analysis for doc samples.
  • Improve stability.
  • Add support for pdf,flash exploits.
  • Dynamic analysis of Java malwares, and Doc files.
  • Add support for pdf/flas files.
  • Add support for Android APK files.
  • In short there need to be a lot of improvement to make it useful :)
Sandy Snapshot :

Portal Link :

HoneyMap :

              HoneyMap shows a real-time visualization of attacks against the Honeynet Project's sensors deployed around the world. It leverages the internal data sharing protocol hpfeeds as its data source. Read this post to learn about the technical details and frequently asked questions. Before going into explanations, take a look at the map itself:

HoneyMap Snapshot:

Red markers on the map represent attackers, yellow markers are targets (honeypot sensors).

 Portal Link : ( New Real-Time Cyber attack Monitoring System )

                                            This Portal shows statistics of the early warning system of Deutsche Telekom. The corresponding sensors are operated from Deutsche Telekom and Partners,

Snapshot :

a cyberattack against an organization from the East Coast of the United States is taking place. If you’re interested in learning such information in real-time, you can check out, a new cyberattack monitoring service launched by Germany’s Deutsche Telekom.

Besides a real-time overview of current attacks, recorded by a total of 97 sensors, the website also provides statistics such as the top 15 source countries, distribution of attack targets, total number of attacks per day and overall sum of attackers per day.

Available in English and German, the information presented on the site is gathered from resources such as The Honeynet Project, HoneyMap, Kippo, Glastopf and dionaea.

Currently, the figures from the site show that a total of 2,402,722 cyberattacks were recorded last month as originating from Russia. Over 900,000 were traced back to Taiwan and 780,000 to Germany.

Portal Link :

SHODAN : (Sentient Hyper-Optimized Data Access Network)

            Shodan is a computer search engine which scans and searches any online devices such as webcams, routers, printers, iphones etc filtering based on User Agent & Country.SHODAN was created on Earth to serve as the artificial intelligence of the TriOptimum Corporation's research and mining space station Citadel.

Snapshot :

Portal Link :

Thanks ..