- Filter by
- Categories
- Tags
- Authors
- Show all
- All
- Analysis
- Android
- Chapters
- Data-Mining
- Encryption
- Forensic Challenges
- Google Summer of Code
- Honeypot
- Know Your Enemy
- News
- Uncategorized
- Workshop
- All
- 2010
- 2018
- 6guard
- active defense
- Active Response Continuum
- activities
- afterglow
- afterglow cloud
- aggressive network defense
- ajgamma.liveblog.com
- AliIkinci
- Analysis
- android
- annual
- annual status report
- anti-debugging
- APIMonitor
- APK
- APKinspector android malware static analysis
- ARE
- arp spoof
- Art
- ASLR
- assembly
- attack
- Attack Graph
- Attribution
- axis
- beginner
- Beta
- Bifrozt
- blogging
- botnet
- botnet monitoring
- botnet protocols
- Botnets
- browsers under attack
- c++
- canberra
- capture-hpc
- capture-hpc honeyclient honeyspider
- carberp
- CEO
- CFG
- challenge
- challenge 2
- chapter
- Citadel
- civil process
- client
- clustering
- code of conduct
- Computer Fraud and Abuse Act
- conference
- conficker
- conpot
- control flow
- counter-attack
- criminal process
- cro
- Crowdstrike
- cuckoo
- cuckoo sandbox androguard gsoc
- cuckoo sandbox malware analysis
- d3.v2
- Dalvik
- Damballa
- data
- data link layer attacks
- data mining
- Data model Honeyweb tutorial
- data visualization
- dbscan
- DDoS
- DDOS Honeypot
- debian
- decompilation
- demo
- DEP
- dependencies
- detect
- detection
- dhcp starvation
- dionaea
- Django
- Docker
- Dorothy
- downadup
- dpkt
- droidbot
- droidbox
- dubai
- dubai2013
- Dynamic
- dynamic analysis
- dynamic malware analysis virtuaization cuckoo gsoc
- EAT filtering
- emet
- Emulation
- encrypted traffic
- encryption
- ethics
- exploit
- exploit replay
- explot
- FC10
- feature
- Feature 1
- flash
- flow
- focus
- Forensic Challenge
- Forensic Challenge 2010
- forensic challenges
- forensics
- format
- framework
- framework honeypot
- frontend
- ftp
- Fuzzy hashing
- GeoDjango
- georg
- Ghost
- glaspot
- glastopf
- GlastopNG
- globalpot
- google summer of code
- Graphviz
- greedybear
- gsoc
- gsoc 2012
- GSoC 2013
- gsoc glutton
- gsoc google
- gsoc gsoc2010
- gsoc gsoc2011
- gsoc snare tanner
- GSoC11
- GSOC2011
- gsoc2011 gsoc
- gsoc2012
- gsoc2013
- gsoc2014
- gsoc2015
- gsoc2016
- gsoc2017
- gsoc2018
- gsoc2020
- GUI
- hack back
- Hackback
- Hacking Back
- Heralding
- HeX
- high interaction honeypot
- hnw2015
- HNW2016
- honeybrid gsoc introduction
- honeybrid gsoc parser
- honeybrid gsoc redirection
- honeybrid gsoc testing
- honeyclient
- honeydrive
- honeymap
- honeyned
- honeynet
- Honeynet Blogs
- honeypot
- honeypots
- honeysink
- honeywall
- honeyweb
- Hong Kong
- Hook
- hpfeeds
- HPSoC
- hpw2012 workshop norman
- HPW2015
- http https proxy gsoc honeyproxy forensics
- hugo gonzalez
- humanitarian law
- ICS
- images
- Imalse
- improper ruse
- infection monkey
- integrity
- intelowl
- interesting
- ipv6
- IRB
- Iteolih
- Iteolih Samba DCERPC Python
- Iteolih Samba DCERPC Python libemu
- Kelihos
- Kelihos.B/Hlux.B
- kippo
- kippo SSH honeypot
- kmeans
- KYE
- KYT
- Law
- law of war
- Layer 2
- layout
- legal
- lessons learned
- libemu
- link-local
- linux
- log record
- logging
- logs
- low-interaction
- Lukas Rist
- MAC flood
- machine learning
- mahmud
- Main blog
- Malaysian Honeynet chapter
- malicious
- malware
- Malware
- malware sandbox cuckoo
- Mariposa
- Meet our new CEO Andre
- Mexican Chapter Annual Report
- Microsoft
- mitmproxy
- Mobile
- mobile HosTage
- mohpt
- Monday
- monthly
- murofet
- nebula
- network
- network traffic
- New Honeynet Project Challenge (#7): Forensic Analysis of a Compromised Server
- new version
- news
- Norway
- oxff
- paper
- parallel coordinates
- parser
- peepdf
- phoneyc
- phoneyc paper leet09 honeyclient
- picviz
- project
- project news
- protocol
- protocols
- publication
- python
- qebek
- qebek sebek qemu windows
- qebek windows
- qebek windows socket network
- qemu
- qemu hook
- qemu qebek
- question
- re-google
- readables
- reading
- release
- replay
- replica bags
- report
- reports
- research
- reverse engineering
- reversing
- ROP
- rumal
- Sambacry
- San Antonio
- sandbox
- sandbox evasion
- SCADA
- scan
- scanner
- sebek
- sebek visualization
- security
- shellcode
- shockpot
- signature
- Simpilified Chinese
- Simplified Chinese
- Simulation
- sink
- sinkhole
- smartphone
- snare
- snort
- social honeypots
- social networks
- spam
- spamscope
- spanish chapter
- speak
- spidermonkey
- splunk
- statistic
- statistics
- status
- Stavanger
- stix
- Storm Worm
- Stormfucker
- STP manipulation
- student
- Symantec
- taiwan
- takedown
- talk
- Tallinn Manual
- tanner
- taxii
- The Italian Honeynet Chapter
- the Menlo Report
- threatintel
- thug
- thug-vagrant
- tool
- tpot
- traceexploit
- Traditional Chinese
- traffic analyze
- translation
- trojan
- twman
- UI framework
- UK Chapter
- update
- vagrant
- Video
- visualization
- vlan hopping
- vulnerabilities
- Waledac
- Wannacry
- web honeypot
- web server botnet
- webhoneypot
- webservice
- White Paper
- windows
- wireshark
- wireshnork
- wordpot
- workshop
- workshop 2012 facebook
- workshop facebook
- worldmap
- zeus
- zoom
- 繁體中文
- 鑑識分析挑戰
- 香港
June 7, 2011
Published by Chengyu Song at June 7, 2011
Categories
Uncategorized
Today Apple unveiled the next generation of OS X, Lion and new iOS 5. Among the features, I’m concerned about two features: AriDrop and iCloud. My […]
February 7, 2011
Published by Chengyu Song at February 7, 2011
Categories
There is a paper at WOOT 10′ described how to use smudges on the touch sceen of a smartphone to get largely decrease the time an […]
December 2, 2010
Published by Chengyu Song at December 2, 2010
Categories
I’m developing a syscall interception tool for Android as a course’s project. While it is relatively simple to intercept calling into the system services (introduced at […]
August 17, 2009
Published by Chengyu Song at August 17, 2009
Categories
Uncategorized
Here is a brief introduction on Qebek, answering some questions.
July 30, 2009
Published by Chengyu Song at July 30, 2009
Categories
Uncategorized
As the console spy is almost finished, the next stage is mainly for network activities. Sebek Win32 version uses TDI hook to get this done. However, […]
June 26, 2009
Published by Chengyu Song at June 26, 2009
Categories
Uncategorized
This phenomenon is first observed when I tried the NtReadFile test last week, sometimes when the postNtReadFile is called, the handle value, buffer address and buffer […]
June 21, 2009
Published by Chengyu Song at June 21, 2009
Categories
Uncategorized
This is supposed to be the first Qebek blog, but unfortunately, it cannot pass the check of mod_security (even today), so I posted here.
June 14, 2009
Published by Chengyu Song at June 14, 2009
Categories
When using hooking technology to intercept system calls, there are two different places to collect information: before the original function is called (precall) and after the […]
June 11, 2009
Published by Chengyu Song at June 11, 2009
Categories
Uncategorized
Sebek Windows client has two keystroke sources, one is read or write std stream, the other is csrss port. In the callback function of NtReadFile and […]