Honeypots are a well known and deployed technique to gather information about new and unknown attack vectors. While there are many different types of honeypots used on server side to detect threats or spamming activities for example, there isn’t very much out there to deal with client harassment. Microsoft has recently started a new research initiative to actively detect those client-side threats on a larger scale by having a computer or a virtual PC that actively mimics the actions of a user surfing the web.
In their lecture Honeymonkeys – Chasing hackers with a bunch of monkeys Krisztian Piller and Sebastian Wolfgarten will introduce basic concepts and ideas behind this initiative and will compare honeymonkeys to honeypots highlighting both, the similarities as well as differences between those two technologies. They will also talk about their efforts and experiences in implementing, monitoring and analyzing such client-based systems. This includes a step-by-step howto for running a honeymonkey project for own fun and investigations.