Includes new honeypot-related software and tools for researchers

Jul 28, 2014 16:13 GMT

The availability of HoneyDrive 3 was announced over the weekend, with updated components and a set of almost 50 new tools serving malware analysis, forensics and network monitoring purposes.

The new version is designed to integrate multiple honeypot solutions that can be deployed from a virtual environment.

Honeypots are systems that act as decoys for intruders, allowing security teams to gather information about the attackers, the penetration methods and the type of malware they use.

They are constantly monitored and can often provide an early alert about threat actors preparing to breach the company’s systems.

The developer of HoneyDrive touts the new release as having been created from square one, which means it should provide a different experience than previous versions. He says that none of the honeypot programs that were available in the previous build have been removed.

Dubbed Royal Jelly, HoneyDrive 3 is based on the long-term support (LTS) version of Xubuntu Desktop 12.04.4, and it is offered as a virtual appliance that can be added as a virtual machine to VirtualBox or VMware; it is a 4GB OVA download that adds an 80GB dynamically allocated drive.

A note from the developer says that “HoneyDrive 3 doesn’t make itself as known to the outside world as the previous version. There are no descriptive messages and apart from Kippo-Graph and Honeyd-Viz every other piece of software is not accessible from the outside (unless if you configure them otherwise, or even lock down Kippo-Graph and Honeyd-Viz as well).”

The list of changes notes that all honeypot software has been upgraded to the latest editions, and that the release now includes the Conpot SCADA/ICS honeypot, the PhoneyC honeyclient and Maltrieve, a tool that can help security researchers recover malware straight from its source.

Other honeypot software present in this release includes Kippo SSH, Dionaea and Amun, Honeyd, Glastopf and Wordpot, and the Thug honeyclient.

It appears that some items have been removed from the package, and users can no longer rely on Kojoney, mwcrawler, Vidalia, ircd-hybrid, DNS Query Tool, DNSpenTest, VLC, Parcellite and the Open Penetration Testing Bookmarks Collection for the Firefox web browser.

On the other hand, the Firefox add-ons Disconnect, Undo Closed Tabs Button and PassiveRecon have been integrated.

Complete installation details, with paths for all components, along with the default access information (usernames and passwords) to various components present in HoneyDrive, are available in the “readme” file from the project’s page.
