It has become increasingly important for security professionals to deploy new detection mechanisms to track and capture an attacker’s activities. Third Generation (GenIII) Honeynets provide all the components and tools required to gather this information at the deepest level. Sebek is the primary data capture tool for GenIII Honeynets.
This first article of a two-part series will discuss what Sebek is and what makes it so interesting. We’ll start by looking at the latest Sebek release, version 3, its new capabilities, the Sebek protocol specification and how it integrates with GenIII Honeynet infrastructures. The second article will briefly address how to install and use Sebek on Linux and Windows. It will then focus on a Sebek patch developed by this article’s author that makes it possible not only to watch what the attacker types but also to see the response received.