
What is a HoneyPot

A cyber honeypot baits a trap for hackers. It is a sacrificial computer system intended to attract cyberattacks, like a decoy. It mimics a target for hackers and uses their intrusion attempts either to gain information about cybercriminals and how they operate or to distract them from other targets.

  • Main Objectives
    • Detect Attack
    • Deflect Attack
    • Study Attackers

Network Position (External HoneyPot vs Internal HoneyPot)

![[Pasted image 20221127182517.png]]


Types of HoneyPot

![[Pasted image 20221127183441.png]]

Each kind of honeypot runs a specific service, but the T-Pot CE (tpotce) application groups them in a single place (Terminal View ---> ELK).


Requirements

  1. Meet the system requirements. The T-Pot installation needs at least 8-16 GB RAM and 128 GB free disk space as well as a working (outgoing non-filtered) internet connection.
  2. Download the T-Pot ISO from GitHub according to your architecture (amd64, arm64) or create it yourself.
  3. Install the system in a VM or on physical hardware with internet access.
  4. Watch and analyze.
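
A pre-install check for steps 1 and 2, added here as an example; it is not part of T-Pot. The function names are hypothetical, the thresholds are the minimums listed above, and it assumes a Linux shell on the target machine or VM with `awk`, `df` and `curl` available.

```shell
#!/bin/sh
# Added example (not T-Pot project code). Function names are hypothetical.
# Thresholds are the minimums stated in the requirements list above.
MIN_RAM_KB=$((8 * 1000 * 1000))      # 8 GB, decimal: an 8 GB host reports slightly under 8 GiB (assumption)
MIN_DISK_KB=$((128 * 1024 * 1024))   # 128 GB free disk

# Map `uname -m` output to the ISO architecture name; non-zero for anything else.
iso_arch() {
    case "$1" in
        x86_64|amd64)  echo amd64 ;;
        aarch64|arm64) echo arm64 ;;
        *) return 1 ;;
    esac
}

# Print MemTotal in kB from /proc/meminfo-formatted text on stdin.
mem_total_kb() {
    awk '$1 == "MemTotal:" { print $2; found = 1 } END { exit !found }'
}

# Print available kB from `df -Pk <path>` output on stdin (line 2, column 4).
disk_avail_kb() {
    awk 'NR == 2 { print $4; found = 1 } END { exit !found }'
}

meets_minimum() { [ "$1" -ge "$2" ]; }

# Run every check against the local host; returns non-zero if any fails.
preflight() {
    rc=0
    if arch=$(iso_arch "$(uname -m)"); then echo "arch: use the $arch ISO"
    else echo "arch: $(uname -m) is not amd64 or arm64"; rc=1; fi
    ram=$(mem_total_kb < /proc/meminfo) || ram=0
    meets_minimum "$ram" "$MIN_RAM_KB" || { echo "ram: ${ram} kB is below 8 GB"; rc=1; }
    disk=$(df -Pk "${1:-/}" | disk_avail_kb) || disk=0
    meets_minimum "$disk" "$MIN_DISK_KB" || { echo "disk: ${disk} kB free is below 128 GB"; rc=1; }
    # One HTTPS fetch only shows that this destination is reachable,
    # not that outbound traffic is unfiltered in general.
    curl -fsS --max-time 10 -o /dev/null https://github.com/telekom-security/tpotce ||
        { echo "net: cannot reach GitHub"; rc=1; }
    return "$rc"
}

# Only touch the host when asked to: sh preflight.sh --check [install-path]
if [ "${1:-}" = "--check" ]; then preflight "${2:-/}"; fi
```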

More Information

More information ---> https://github.com/telekom-security/tpotce

Youtube ---> https://www.youtube.com/watch?v=0WUaI2pNiPI