Blog

June 12, 2009

How to transparently redirect a TCP connection

TCP was built to allow 2 hosts to exchange a stream of packets reliably. Honeybrid must add a third host to this operation when it decides […]
June 11, 2009

Is Handle Std

Sebek Windows client has two keystroke sources, one is read or write std stream, the other is csrss port. In the callback function of NtReadFile and […]
June 8, 2009

nebula – Client library and revised signature segment selection

One project mentored by the Honeynet Project during GSoC aims at improving nebula, an automated intrusion signature generator. There are two critical components in the […]
June 8, 2009

Parser

The first version of the parser is essentially finished. The main goal for the basic version of the parser is to take Sebek data and create […]
June 7, 2009

Get system call address from SSDT

One difference in Qebek from other existing virtualization-based honeypot monitoring tools is that I want to ‘hook’ the function of system service instead of the […]
June 5, 2009

Iteolih: Is this worth your time?

Hello, due to the length of the whole term Improving the effectiveness of low interaction honeypots, I decided to use Iteolih as a unique abbreviation. Things are […]
June 5, 2009

Another PicViz improvement

Hello all! Currently I’m very busy with hard work on PicViz GSoC tasks; nevertheless, I am still taking arbitrary tickets (tasks that I did not propose for GSoC) […]
June 3, 2009

A few differences between IE7 and FF3, what we discovered in coding

There are of course more of them, but we only list those which will bring confusion to our code. Note that the current version is based on IE, not […]