- About us
- Code of Conduct
- Google SoC
- Recent posts
- Security Workshops
The first version of the parser is essentially finished. The main goal for the basic version of the parser is to take Sebek data and create two groups of data: one group is comprised of a data structure that holds an event's information, things like the timestamp, event type, what service the event was connected to, etc. The second group is simply a list of each unique event, basically what types of events happened, what ports were used, services used by the events, things of that nature.
One difference in Qebek from other existing virtualization based honeypot monitoring tool is that I want to 'hook' the function of system service instead of the dispatcher, more precisely, the 'sysenter' or 'int 2e' instruction. This is similar to the difference between SSDT (System Service Descriptor Table) hook and kernel inline hook. However, doing it this way must face a problem: how to get the function address? One way is get it directly from SSDT.
due to the length of the whole term Improving the effectiveness of low interaction honeypots, I decided to use Iteolih as uniq abbrevitation. Things are rolling for the project, writing code started, a basic homepage with instructions how to compile/use it was created.
I even had the plan to write about it once or twice, finish something in the code, write about it. When I was done with the code, I got the idea, writing about it was not worth your time.
There are of course more of them, but we only list which will bring
confusion to our code. Note that the current version is based on IE,
not FF, since its more vulnerable.
I don't know how to write HTML in this blog, so i hope i can make them clear without examples.
1. Both in IE and FF, we can use the ID of a DOM object to call it. But we cannot always use 'document.id' to call it. In FF, document.f (f is id of a form) is undefined, but in IE, document.i (i is id of an image) and some other DOMs is undefined.
It seems that there was some problems in this blog system, and i was busy with my final exam, so i haven't written blog a long time since the project starts.
Z. Chen (Joyan)
The goal of this post is to introduce myself and my project: my name is Robin Berthier and I just got my PhD from the University of Maryland. I'll be working this summer on improving Honeybrid, a hybrid honeypot architecture. I've been working with honeypot technologies for the past 4 years, and Honeybrid represents a central part of my dissertation.
Hello, this initial blog post is used to introduce me and to provide a brief overview of my GSoC Project.
My name is Lukas Rist (my personal blog) and I am currently studying Math and Physics at the University of Kaiserslauter in Germany. This is my first time in GSoC and I will be working with Thorsten Holz on Glastopf, a Web Application Honeypot.
Hi folks !
As the GSoC started, this blog entry will introduce to you, myself and my project.
My name is Thibaut, I am still a student like all GSoC participants I guess and I belong to the ENSI of Bourges (France). I took one year off for doing research at the university of Maryland (USA) in the IT security field, especially in honeypots.