Chinese Chapter

Chapter Website:

Chinese Chapter Status Report For 2012 (Sep 2011 - Aug 2012)


The Chinese Chapter was founded in 2008 based on Artemis research team in PKU and currently consists of the following people:

  • Dr. Jianwei Zhuge, Chapter Leader, Tsinghua Asso. Prof.
  • Chengyu Song, Gatech ph.d. student
  • Zhijie Chen, Berkeley ph.d. student
  • Dr. Xinhui Han, PKU Asso. Prof.
  • Dr. Yong Tang, NUDT Asso. Prof.
  • Huilin Zhang, PKU ph.d. student
  • Lingfeng Sun, Huawei engineer
  • Jian Jiang, Tsinghua phd. student
  • Cong Zheng, PKU ms. student

The Honeynet Project Chinese Chapter - Status Report 2011


The Chinese Chapter consists of the following people:
* Jianwei Zhuge, Tsinghua
* Chengyu Song, Gatech
* Zhijie Chen, Berkeley
* Xinhui Han, PKU
* Yong Tang, NUDT
* Huilin Zhang, PKU
* Zhongjie Wang, PKU
* Lingfeng Sun, HuaweiSymantec
* Jian Jiang, Tsinghua
* Youzhi Bao, PKU
* Cong Zheng, PKU

The Chapter members are interested in research projects covering the following topics:

1. Low-interaction/high-interaction client honeypots
2. Distributed honeynet deployment, operation and data analysis
3. Automated malware collection and analysis systems Read more »

Know Your Tools: Qebek - Conceal the Monitoring has been published

Christian Seifert (CPRO of The Honeynet Project) has just announced publication of our Know Your Tools series: Qebek - Conceal the Monitoring, authored by Chengyu Song and Jianwei Zhuge from the Chinese Chapter and Brian Hay from the Alaskan Chapter. The paper is based on Chengyu's hard work during the GSoC 2009, Brian Hay and me acted as his mentors for the Qebek GSoC Project. Congrats to Chengyu and Chinese Chapter.

The paper is available from

Paper abstract Read more »

TraceExploit: Replaying method dissection

I've been working on the GSOC Project 14 in recent months. We are meant to start a new tool which can replay the collected exploit traces.

We know that during the process of exploit replay, there're many fields need to be changed in the original application messages. Some of them are platform independent, and the others are platform specific. Platform-independent variables are those changed each time we exploit, like timestamp, cookie, length, etc. And platform-specific variables are those changed only if the target system is changed, like target address, return address point to the shellcode. Read more »

The Honeynet Project取证分析挑战中文版启航,欢迎华语世界安全人士参与

The Honeynet Project是一个国际知名的开源信息安全研究团队,致力于提升Internet的安全。 Read more »

What's new on PHoneyC (4): Try it out!

Hi all:
       I have finished almost all the coding stuff of Project #1, now you can try out the new PHoneyC with shellcode/heapspray detection here:
        Please feel free to report any bug or suggestion on shellcode/heapspray detection to me. Read more »


As the console spy is almost finished, the next stage is mainly for network activities. Sebek Win32 version uses TDI hook to get this done. However, since getting driver object in virtualization layer is hard and TDI is TDI is on the path to deprecation, I need to find another way. The best solution seems to be hooking NtDeviceIoControlFile, the API Windows uses to do network related stuff and has been widely mentioned in malware behavior analysis papers. After some days of searching, I encounter a very useful resources today, a master thesis from TTAnalyze team:
  Read more »

Chinese Chapter Status Report (Period Apr 2007 to Dec 2008)

The Honeynet Project Chinese Chapter Status Report (Period Apr 2007 to Dec 2008)


1. Changes in the structure of your organization.
All members of Chinese Chapter (i.e. The Artemis Project) are still from ERCIS, Institute of Computer Science and Technology, Peking University, China. Although we are seaking for contributors from other organizations. Read more »

Syndicate content