Sunday, March 9, 2014

Dionaea

No, it's not a result of something I ate since my last post :)

So far with KFSensor I was able to pick up some of the expected traffic/scans for some common and uncommon services, but since I am more interested in finding malware samples I'm shifting gears and setting up Dionaea inside of the prebuilt HoneyDrive VM. I do still like KFSensor as a possible fit for some production enterprise environments vs. rolling your own devices.

Personal stuff has slowed me down this weekend in getting this up and running, but I'm making it a priority this week. Of course I had to allow some time to take a look at Dave Cowen's Sunday Funday challenge this week on recovering deleted registry entries.

On another but related note, I plan on posting some findings from a recent case I had involving memory artifacts and some discoveries related to McAfee's AntiVirus and what it appears to load and leave in memory, but I'll post something more formal on that later this week.
