Over the last few years, while low-interaction (LI) honeypot systems like Nepenthes and PHoneyC have become more and more powerful, progress in high-interaction (HI) honeypot technology has been somewhat slower. This is especially true for Sebek, the de facto HI honeypot monitoring tool. Qebek is a QEMU-based HI honeypot monitoring tool that aims to improve the invisibility of monitoring attackers’ activities in HI honeypots.
Qebek was developed by Chengyu Song during GSoC 2010.
Our KYT paper on Qebek describes in detail how to install and use Qebek. It is available at http://honeynet.org/papers/KYT_qebek.
To obtain Qebek, check out its repository:
svn co https://projects.honeynet.org/svn/sebek/virtualization/qebek/trunk/