UDPot updated and new docker

Posted on April 25, 2020 in Tools • Tagged with honeypot, udpot • 1 min read

UDPot is a little script to run a honeypot which acts as a real DNS server, sending out DNS replies for the first bunch of requests, and after that it works as a sinkhole.

In the last few days I refreshed the code, updated the requirements and did more spring cleaning.

A Docker image is now available on Docker Hub; you can run it with:

$ docker run --name udpot -p 5053:5053/udp -p 5053:5053/tcp -d jekil/udpot

It will run UDPot on port 5053 UDP and TCP; if you want to use it on another port you can bind it with …



How to setup an Image Forensic lab with Ghiro

Posted on August 19, 2015 in Tools • Tagged with appliance, ghiro, image forensics • 3 min read

This how-to will guide you through the setup of an Image Forensics lab, using Ghiro, a free and open source image forensics tool.

Ghiro also comes with a virtual appliance (a copy of Ubuntu Linux with everything you need already installed, which you can run on your host) to help people get Ghiro running in a few steps.

1. Ready for virtualization

You can run the Ghiro Appliance on any host (Mac, Windows or Linux); only virtualization software is required. There are many out there, free and commercial, for example VMware or VirtualBox.

VirtualBox is a free and …



Cuckoo Sandbox Summer of Code 2015

Posted on March 10, 2015 in Tools • Tagged with cuckoo, GSOC, GSOC2015 • 3 min read

This summer the Cuckoo Sandbox project is participating in the Google Summer of Code 2015, thanks to a big effort by the Honeynet Project.
This is a great opportunity for students who would like to work on Cuckoo and get paid for it! This is a great challenge and a huge opportunity to work on a real malware sandbox, write code and gain valuable experience, and help improve the open source security tools ecosystem.
Almost all college and graduate students are eligible; we are looking for problem-solving people with strong development skills who would like to learn about malware and …


Cuckoo Sandbox 1.2 released

Posted on March 05, 2015 in Tools • Tagged with cuckoo • 1 min read

After a while we finally released Cuckoo Sandbox 1.2!

It is one of the Cuckoo releases with the most impressive number of new features; to mention just a few:

  • XenServer machinery support
  • Physical machine support, to run analysis on bare metal
  • Comparative reporting: you can compare analyses in a fancy way
  • Improved visualization of network data

A complete list of features is available in the announcement post; I kindly suggest having a look at it.



New Ghiro website

Posted on March 04, 2015 in Tools • Tagged with ghiro • 1 min read

It seems that the old Ghiro website was too hard to understand for people visiting it.

We all know people stay on a website for only a few seconds, so content should be delivered in an efficient way, with a simple layout and a short web page.

After one year we read about people who were barely able to understand what Ghiro is, whether it is an automated digital forensics tool or a brand new Photoshop clone. We read about people asking where they can download it, how much a license costs and so on.

So our burlone, Ghiro’s design engineer, put together …

