Honey Pot / Honey Net
A honey pot (or honeypot) is a security tool that is designed to mimic a vulnerable system or service in order to capture and log any malicious activity or network traffic directed towards it. Honey pots are often used as a research and education tool, allowing cybersecurity professionals to study and understand the tactics, techniques, and procedures used by attackers.
A honey net (or honeynet) is a network of honeypots that are used together to capture and analyze malicious activity on a larger scale. Researchers and educators often use honey nets to study the tactics, techniques, and procedures used by attackers across a range of different systems and services. The insights gained from analyzing honey net data can help organizations better defend against future threats.
The following are some examples of options available in the category of honey pots and honey nets, along with a brief description of each:
- awesome-honeypots – Awesome Honeypots is a curated list of honeypots and related tools and resources that can be used for research, education, and security purposes. It is intended to be a helpful resource for those interested in learning about and working with honeypots.
- HoneyPy – HoneyPy is a low-interaction honeypot software that is used to monitor and log network traffic and activity for the purpose of detecting and defending against cyber attacks. It is designed to mimic the behavior of various internet-connected systems, such as servers and clients, in order to attract and trap malicious actors who may be attempting to compromise these systems. HoneyPy can be used to gather information on attacker techniques, tactics, and procedures, as well as to provide early warning of potential threats and vulnerabilities in a network.
- Conpot – Conpot is a low-interaction honeypot designed to simulate an industrial control system (ICS). It is intended to be used as a tool for research and education in the field of cybersecurity, specifically for understanding and defending against threats to ICS environments. Conpot captures and logs any malicious activity or network traffic directed towards it, allowing researchers to study and analyze the tactics, techniques, and procedures used by attackers targeting ICS.
- Amun – Amun is a high-interaction honeypot designed to simulate a web server. It is intended to be used as a tool for research and education in the field of cybersecurity, specifically for understanding and defending against web-based threats such as malware, botnets, and hacking attempts. Amun captures and logs any malicious activity or network traffic directed towards it, allowing researchers to study and analyze the tactics, techniques, and procedures used by attackers targeting web servers. It also provides a number of features for creating and managing honeypots, including the ability to customize the honeypot environment and response to different types of attacks.
- Glastopf – Glastopf is a web application honeypot, meaning it is designed to simulate a web server and capture any malicious activity or network traffic directed towards it. It is intended to be used as a tool for research and education in the field of cybersecurity, specifically for understanding and defending against threats to web servers. Glastopf captures and logs any attempted attacks, such as SQL injection or cross-site scripting, and allows researchers to study and analyze the tactics, techniques, and procedures used by attackers. It is a low-interaction honeypot, meaning it does not provide full functionality to attackers, but rather only simulates certain aspects of a web server in order to collect data on attempted attacks.
- Kippo – Kippo is a medium-interaction honeypot designed to simulate a vulnerable version of the Linux operating system. It is often used to capture the actions and tactics of hackers who are attempting to gain unauthorized access to a system. Kippo captures and logs any malicious activity or network traffic directed towards it, allowing researchers to study and analyze the tactics, techniques, and procedures used by attackers. Kippo is often used as a tool for research and education in the field of cybersecurity, specifically for understanding and defending against threats to Linux systems.
- Kojoney – Kojoney is a low-interaction honeypot designed to simulate a vulnerable version of the SSH (Secure Shell) service. It captures and logs any malicious activity or network traffic directed towards it, allowing researchers to study and analyze the tactics, techniques, and procedures used by attackers targeting SSH services. Kojoney is often used as a tool for research and education in the field of cybersecurity, specifically for understanding and defending against threats to SSH services.
- HonSSH – HonSSH is a high-interaction honeypot designed to simulate a vulnerable version of the SSH (Secure Shell) service. It is intended to be used as a tool for research and education in the field of cybersecurity, specifically for understanding and defending against threats to SSH services. HonSSH captures and logs any malicious activity or network traffic directed towards it, allowing researchers to study and analyze the tactics, techniques, and procedures used by attackers. HonSSH is considered a high-interaction honeypot because it is capable of emulating a fully functional SSH service, allowing attackers to interact with it in a similar manner to a real system. This allows researchers to study the actions and tactics of attackers in greater detail, as they are able to observe and analyze the attacker’s actions in real time.
- Bifrozt – Bifrozt is a tool used to detect and defend against ransomware attacks. It is designed to monitor a system for suspicious activity, such as the encryption of files or the presence of ransomware command and control servers. If ransomware is detected, Bifrozt can attempt to stop the attack and restore any encrypted files. Bifrozt is often used as a tool for research and education in the field of cybersecurity, specifically for understanding and defending against ransomware threats.
- Cuckoo Sandbox – Cuckoo Sandbox is a software tool used for analyzing the behavior of malicious software (malware). It is a type of automated malware analysis system that allows researchers to safely execute and observe the behavior of malware in a controlled environment. Cuckoo Sandbox creates a virtualized environment (called a sandbox) in which it can run the malware and monitor its actions. It captures and logs any malicious activity or network traffic generated by the malware, allowing researchers to study and analyze the tactics, techniques, and procedures used by the malware. Cuckoo Sandbox is often used as a tool for research and education in the field of cybersecurity, specifically for understanding and defending against threats from malware.
- T-Pot Honeypot Distro – T-Pot is an open-source, all-in-one honeypot platform that combines multiple honeypots into a single system. It is designed to capture and log any malicious activity or network traffic directed towards it, allowing researchers to study and analyze the tactics, techniques, and procedures used by attackers. T-Pot includes a variety of honeypots, including Conpot (industrial control system), Kippo (Linux), and Kojoney (SSH), as well as others such as Dionaea (Windows), Glastopf (web application), and Honeytrap (Linux). T-Pot is often used as a tool for research and education in the field of cybersecurity, specifically for understanding and defending against a wide range of threats.
- T-Pot Autoinstall – T-Pot Autoinstall is an automated tool that simplifies the process of installing and configuring the T-Pot honeypot platform. It is designed to make it easy for users to set up and deploy T-Pot on their own systems, without requiring advanced technical knowledge or expertise. T-Pot Autoinstall takes care of all the necessary configuration and setup tasks, including installing the necessary dependencies, setting up the honeypots, and configuring the network and firewall settings. Once installed, T-Pot Autoinstall allows users to easily manage and monitor their T-Pot honeypot, making it an ideal tool for researchers and educators looking to quickly get started with T-Pot.