This document discusses a hybrid honeypot architecture that combines low and high interaction honeypots using virtual machine introspection. It aims to provide the benefits of both types of honeypots while avoiding their limitations. The proposed system, called VMI-Honeymon, uses virtualization and memory scanning techniques to monitor high interaction honeypots running inside virtual machines without in-guest agents. This allows it to detect malware attempts to alter its behavior and subvert monitoring. An evaluation found it captured malware binaries from high interaction honeypots with fewer sessions than a low interaction honeypot alone. Future work plans to support concurrent high interaction honeypots across different Windows versions and automate analyses of malware footprints.