Qebek: QEMU based Sebek

by csong for The Honeynet Project

Data capture on high-interaction honeypots is still of great value, but the current de facto monitoring tool for high-interaction honeypots, Sebek, is not good enough, especially its Win32 client. To improve stealth, stability and data correlation, during GSoC I intend to implement a VMI-based (virtual machine introspection) honeynet monitoring tool, Qebek (aka QEMU-based Sebek), for data capture on high-interaction honeypots. The tool is built on QEMU and targets Windows-based honeypots. The deliverables are the GPL-licensed source code for this functionality and a working demonstration system running in my lab at Peking University.