Honeypot

"If you know the enemy and know yourself, you need not fear the result of a hundred battles." - Sun Tzu


A SCADA system, which would make for an interesting honeypot

While I'm fairly new to honeypots, I think I know enough to make a page on here. I currently run my own cowrie SSH/telnet honeypot, giving me a constant stream of new SSH and telnet-based malware to analyze.

Now, why would someone want to run a honeypot?

  • Info on new passwords that crackers are trying
  • Constant stream of fresh malware samples
  • Intel on attacker IP ranges and compromised computers

All in all, it's a bunch of free data that you can either collect yourself or sit on your hands and wait for someone else to analyze. You get to see all sorts of interesting things: when a new device hits the market and a vuln gets exposed in it (perhaps a default password), you'll suddenly notice that password is the #1 password attackers try against you that week. It's pretty cool seeing how fast attackers react to news, vulnerabilities, and leaks.
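Here's an added example (my own script, not part of cowrie) that pulls the three kinds of data listed above out of one week of cowrie's JSON log: the top passwords tried, login attempts per source IP, and the hashes of anything the attacker downloaded. It assumes cowrie's default JSON output (cowrie.json) with its standard event ids and field names; the log lines below are constructed, with documentation-range addresses and a placeholder where the real SHA-256 would be.

```python
import json
from collections import Counter
from datetime import datetime, timedelta

# Constructed lines in the shape of cowrie.json: the event ids and field
# names are cowrie's, every value is made up for this example.
SAMPLE_LOG = """\
{"eventid":"cowrie.login.failed","username":"root","password":"admin","src_ip":"198.51.100.7","timestamp":"2019-03-02T10:01:12.000000Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"xc3511","src_ip":"203.0.113.5","timestamp":"2019-03-02T10:02:40.000000Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"xc3511","src_ip":"203.0.113.9","timestamp":"2019-03-03T11:12:00.000000Z"}
{"eventid":"cowrie.login.succeeded","username":"root","password":"xc3511","src_ip":"198.51.100.7","timestamp":"2019-03-03T12:00:00.000000Z"}
{"eventid":"cowrie.session.file_download","url":"http://203.0.113.5/bins/x86","shasum":"PLACEHOLDER_SHA256","src_ip":"198.51.100.7","timestamp":"2019-03-03T12:00:05.000000Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","src_ip":"192.0.2.44","timestamp":"2019-02-20T08:00:00.000000Z"}
not json at all
"""

TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"  # cowrie's UTC timestamp layout
LOGIN_EVENTS = {"cowrie.login.failed", "cowrie.login.succeeded"}

def parse_events(text, since, until):
    """Yield events with since <= timestamp < until; skip lines that don't parse."""
    for line in text.splitlines():
        try:
            ev = json.loads(line)
            ts = datetime.strptime(ev["timestamp"], TS_FORMAT)
        except (ValueError, KeyError):
            continue  # truncated line from a rotation, or someone's stray edit
        if since <= ts < until:
            yield ev

def top_passwords(events, n=10):
    """Most-tried passwords; a successful login still counts as a try."""
    return Counter(e["password"] for e in events if e["eventid"] in LOGIN_EVENTS).most_common(n)

def attacker_ips(events):
    """Login attempts per source address, handy for block lists or ASN lookups."""
    return Counter(e["src_ip"] for e in events if e["eventid"] in LOGIN_EVENTS)

def downloaded_hashes(events):
    """SHA-256 of every file the attacker fetched, ready to look up on VirusShare."""
    return {e["shasum"] for e in events if e["eventid"] == "cowrie.session.file_download"}

def weekly_report(text, week_start):
    """Summarize the seven days starting at week_start (a 'YYYY-MM-DD' string, UTC)."""
    start = datetime.strptime(week_start, "%Y-%m-%d")
    events = list(parse_events(text, start, start + timedelta(days=7)))
    return {"passwords": top_passwords(events), "ips": attacker_ips(events), "hashes": downloaded_hashes(events)}

if __name__ == "__main__":
    print(weekly_report(SAMPLE_LOG, "2019-03-01"))
```

Point it at your real cowrie.json and run it once a week; the password list is where you'll see a freshly leaked default credential jump to the top.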

If you're going to collect samples on a honeypot, I also recommend signing up for an account on VirusShare. It's a great resource for malware samples and allows you to search by hash, detected name, etc. Great for those who collect and hoard viruses.



Many of these projects were done for fun and out of a love for programming. They may not be polished or even complete. If you'd like more information about a given project or the process used in creating it, you can always contact me.