Forensic Challange 7 - Only 5 days left!

Folks, challenge 7 - forensic analysis of a compromised server - put up by Hugo Gonzalez from the Mexico Chapter and Guillaume Arcas from the French Chapter is in full swing. Submissions are due by March 31st, so if you want to participate, you have 5 days left. We award little prizes for the top three submissions! Hope to see your submission.


Google SoC 2011 - Honeynet Project Accepted Again and Student Applications Open!

Our annual workshop in Paris got off to the perfect start this weekend when Google went live with the new look GSoC 2011 Melange site and announced which lucky organizations had been accepted as mentoring orgs for GSoC 2011. Read more »

First-Ever Public Honeynet Project Security Workshop - Slides Online

Folks, we had a great day at the first-ever public Honeynet Project Security Workshop yesterday with many excellent presentations by our members from around the globe. The presentations ranged from deep technical dives around shellcode detection and mobile malware reverse engineering to views on social dynamics of attackers and ethics of computer security research.

Further, we hosted a small capture-the-flag/forensic challenge competition, which received plentiful participation - especially with the younger crowd.

We hope that everybody enjoyed the workshop. If you were not able to make it to the workshop this year, we have attached the slides to this blog post. Hope to see you again in 2012.

Christian Seifert
CEO, The Honeynet Project

Google SoC 2011 - Org Applications Finished

23:00 UTC Friday March 11th was the first deadline for Google Summer of Code 2011, and the cut off point for organizations interesting in participating to complete their org application. Read more »

Google Summer of Code 2011 - Org Applications Open

Has it really been another year already? Having really enjoyed our experience as a successful mentoring organization in Google Summer of Code 2009 and Google Summer of Code 2010, The Honeynet Project is very pleased to announce that we will once again be applying to be accepted this year as a potential mentoring organization for Google Summer of Code 2011 (note the changed URL for GSoC 2011). Read more »

First-ever Honeynet Project Public Conference–Paris 2011

It is with great pleasure I announce the first-ever Honeynet Project Public Conference, held alongside with the traditional Honeynet Project Annual Workshop. The event will be held on March 21, 2011 in Paris. For those who just want to register now, go here.

21 March 2011 (Monday)

8:30AM ~ 18:00PM (GMT+1) Read more »

Forensic Challenge 2010/5 - Log Mysteries - What Apache version was used?

Carl Pulley, a loyal follower of our Forensic Challenges, has written up an analysis on how could one determine the Apache version that generated the logs. His analysis can be found at and Check it out!

New version of honeypot monitoring tool Qebek available

Folks, Chengyu Song has been busy the last few weeks and made some upgrades to the honeypot monitoring tool Qebek. He has ported it from QEMU 0.9.1 to QEMU 0.13.0. As a result, Qebek's performance (boot time) is better and it no longer requires gcc 3.4. You can check it out

svn co

If you don't know what Qebek is or how to use it, take a look at our whitepaper at

Forensic Challenge 2010/6 - Analyzing Malicious Portable Destructive Files - The winners are ...

Folks, holiday greetings from forensic challenge headquarter in Seattle. Mahmud and Ahmad from the Malaysian Chapter have judged all submissions and results have been posted on the challenge web site. The winners are:

1. Vos from Russia with perfect score!
2. Codrut from Romania
3. Mike from Canada


We received a total of 21 submissions and they were very competitive. The top three submissions came within a point of a perfect score and Vos from Russia actually received a perfect score. We have posted the top three submissions from Vos, Cordut and Mike on the challenge web site . As I said, these submissions are top notch and I encourage you to read through them.

With the forensic challenge 2010 coming to an end, we will be taking a little break for the holidays, but will be back in full force in early 2011.

Happy Holidays.

Christian Seifert
Chief Communications Officer
The Honeynet Project Read more »

Announcing the publication of Know Your Tools: Qebek - Conceal the Monitoring

I am very pleased to announce another publication of our Know Your Tools series: Qebek - Conceal the Monitoring authored by Chengyu Song and Jianwei Zhuge from the Chinese Chapter and Brian Hay from the Alaskan Chapter.

The paper is available from

Paper abstract
For the last few years, while low-interaction (LI) honeypot systems like Nepenthes and PHoneyC are getting more and more powerful, the progress of high-interaction (HI) honeypot technology has been somewhat slower. This is especially true for Sebek, the de-facto HI honeypot monitoring tool. In this KYT paper, we introduce Qebek, a QEMU based HI honeypot monitoring tool which aims at improving the invisibility of monitoring the attackers’ activities in HI honeypots. Read more »

Syndicate content