Darien, you can register at
https://projects.honeynet.org/capture-hpc/register. Once you have logged in, you
should be able to submit new tickets. Let me know if you have any issues.

Your hardening document is very useful. Thanks for posting this. I am not
familiar with the vmtools options... When setting the options as described
in the doc, can you still kick off a process within the VM via the vix
runPrgInGuest function?

Christian

On Fri, Apr 4, 2008 at 1:55 PM, Kindlund, Darien F. <[EMAIL PROTECTED]>
wrote:

> Hi Ramon,
>
> Sure, I've tried to submit a ticket via trac, but it looks like you
> guys require Login authentication in order to perform that operation; I
> guess Christian would have to submit the ticket for now or I'd need a
> Login.
>
> Regards,
> -- Darien
>
> >-----Original Message-----
> >From: [EMAIL PROTECTED] [mailto:capture-hpc-[EMAIL PROTECTED] On Behalf Of Ramon Steenson
> >Sent: Friday, April 04, 2008 4:10 PM
> >To: General discussion list for Capture-HPC users
> >Subject: Re: [Capture-HPC] Virtualisation and Emulation Detection
> >
> >Hi Darien,
> >
> >There are plans to redesign the exclusion lists to work better with
> >larger data sets (I have implemented this already). But I haven't looked
> >at prioritization; do you mind leaving a feature request on trac? Are
> >there any other features you would like to see regarding exclusion
> >lists? I know you guys have had problems in the past with them :)
> >
> >Cheers,
> >Ramon.
> >
> >Kindlund, Darien F. wrote:
> >> Hi Christian,
> >>
> >> We've also started tuning our exclusion lists for IE7 as well --
> >> XPSP2 so far (not Vista).  Here's the corresponding link to the source:
> >> http://www.honeyclient.org/trac/browser/honeyclient/trunk/thirdparty/capture-mod
> >>
> >> I was curious if there were any plans to incorporate 'prioritization'
> >> into the .exl language, so that rules could be evaluated in order,
> >> rather than have all the minus [-] rules take precedence over all plus
> >> [+] rules, regardless of the order in which the rules appear in each
> >> file.  This might be related to ticket #713 -- not sure.
> >>
> >> Also, we've published a VM Hardening Guide that may be useful for those
> >> trying to reduce cross-contamination issues between host/VM
> >> environments:
> >> http://www.honeyclient.org/trac/wiki/VMHardeningGuide
> >>
> >> Feel free to use/extend.  Comments/suggestions are welcomed.
> >>
> >> Regards,
> >> -- Darien
> >>
> >>> -----Original Message-----
> >>> From: [EMAIL PROTECTED] [mailto:capture-hpc-[EMAIL PROTECTED] On Behalf Of Christian Seifert
> >>> Sent: Friday, April 04, 2008 12:20 PM
> >>> To: General discussion list for Capture-HPC users
> >>> Subject: Re: [Capture-HPC] Virtualisation and Emulation Detection
> >>> Importance: Low
> >>>
> >>> Jamie - I see you are running VistaIE7...would you mind forwarding
> >>> the exclusion list to the group? I had a couple of inquiries on this
> >>> from people using Capture...
> >>> Cheers -
> >>> Christian
> >>>
> >>>
> >>> On Fri, Apr 4, 2008 at 1:59 AM, Jamie Riden <[EMAIL PROTECTED]>
> >>> wrote:
> >>>
> >>>
> >>>     (I didn't write Capture, so I'm only commenting on a few matters)
> >>>
> >>>
> >>>     >  And how do you make sure that the server on which the malware is
> >>>     >  hosted does not block your IP address?
> >>>
> >>>
> >>>     This is an interesting question - personally I would only crawl a
> >>>     URL once per IP of honeypot, so if we have 3 honeyclients XPSP2IE6,
> >>>     XPSP2IE7 and VistaIE7, they would need to have separate IP addresses
> >>>     to make a sensible test of a potentially malicious site.
> >>>
> >>>     The other option would be to use some kind of proxying.
> >>>
> >>>
> >>>     >  What about malware which needs user interaction to become installed?
> >>>
> >>>
> >>>     I believe you can run this through Capture BAT if you want to analyze
> >>>     it in the same manner - though there are plenty of other solutions
> >>>     for this type of malware. (cwsandbox, norman sandbox, etc...)
> >>>
> >>>     cheers,
> >>>      Jamie
> >>>     --
> >>>     Jamie Riden / [EMAIL PROTECTED] / [EMAIL PROTECTED]
> >>>     UK Honeynet Project: http://www.ukhoneynet.org/
> >>>
> >>>     _______________________________________________
> >>>     Capture-HPC mailing list
> >>>     Capture-HPC@public.honeynet.org
> >>>     https://public.honeynet.org/mailman/listinfo/capture-hpc
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> --
> >>> ----
> >>> Web: http://www.mcs.vuw.ac.nz/~cseifert
> >>>
> >>> PGP key
> >>> http://www.mcs.vuw.ac.nz/~cseifert/pgpkey.txt
> >>> Primary key fingerprint: E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF
>



-- 
----
Web: http://www.mcs.vuw.ac.nz/~cseifert

PGP key
http://www.mcs.vuw.ac.nz/~cseifert/pgpkey.txt
Primary key fingerprint: E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF
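Darien's feature request above hinges on how exclusion rules are evaluated. The following is an added example, not Capture-HPC's own code: it contrasts the behaviour he describes (every matching '-' rule beats every '+' rule, whatever the order) with ordered first-match evaluation, on a constructed rule set in an assumed, simplified `.exl`-like layout; that '+' means ignore the event and '-' means report it is also an assumption.

```python
import re

# Constructed sample rules in an assumed, simplified .exl-like layout (not
# Capture-HPC's real parser): action | process regex | path regex.
# Assumption: '+' ignores a matching event, '-' forces it to be reported.
SAMPLE_RULES = r"""
# specific allow-rule for a known-benign cached updater, listed first on purpose
+ | .*\\iexplore\.exe | C:\\Documents and Settings\\.*\\Temporary Internet Files\\.*\\known-updater\.exe
# report any executable written anywhere
- | .*\\iexplore\.exe | .*\.exe
# ordinary browser-cache writes are noise
+ | .*\\iexplore\.exe | C:\\Documents and Settings\\.*\\Temporary Internet Files\\.*
"""


def parse_rules(text):
    """Parse the assumed layout into (action, process_re, path_re) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        action, proc, path = (f.strip() for f in line.split("|", 2))
        if action not in ("+", "-"):
            raise ValueError(f"bad action in rule: {line}")
        rules.append((action, re.compile(proc), re.compile(path)))
    return rules


def minus_wins(rules, process, path):
    """Behaviour described on the list: any matching '-' rule overrides every
    matching '+' rule regardless of position; an event no rule matches is reported."""
    hits = [a for a, p, f in rules if p.fullmatch(process) and f.fullmatch(path)]
    if "-" in hits:
        return "report"
    return "ignore" if "+" in hits else "report"


def first_match(rules, process, path):
    """Requested behaviour: evaluate top to bottom; the first matching rule decides."""
    for action, proc, pat in rules:
        if proc.fullmatch(process) and pat.fullmatch(path):
            return "ignore" if action == "+" else "report"
    return "report"


def compare(rules, process, path):
    """Return (minus_wins verdict, first_match verdict) for one file event."""
    return minus_wins(rules, process, path), first_match(rules, process, path)
```

The two verdicts only diverge for the known-updater write: under the current semantics the broad '-' rule reports it no matter where the specific '+' rule sits, while ordered evaluation lets the operator suppress it by listing the specific rule first.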
