HoneyDB Honeypot workshop

From HOPE Wiki
Jump to: navigation, search

HoneyDB.png

Abstract

Honeypots can be implemented to discover new threat information or detect intruders on a network. However, while there are numerous free honeypots available, many of them can be complicated to deploy and require additional engineering to consume log data. If you are curious about honeypots and are interested in a simple way to deploy your own honeypots, the HoneyDB honeypot workshop is for you.

All skill levels are welcome to attend, you only need an interest in honeypots :-)

Agenda

  • Intro to honeypots
  • Open source honeypots
  • HoneyDB
  • HoneyDB Agent
  • Deploying an agent in the cloud
  • Testing the agent
  • Querying the Threat API
  • HoneyDB CLI Python tool
  • Write an API client
  • Resources (Slack / Twitter)

Technical Requirements

  • Computer: Linux, Mac, or Windows
  • You will need a HoneyDB account to generate API keys. Creating a HoneyDB account requires that you login via your GitHub, Twitter, or Google account. Visit https://honeydb.io/login to login/create your HoneyDB account.
  • SSH Client: We will use SSH to connect to a cloud host, if using Windows a free SSH client can be found here https://www.putty.org/
  • Postman: Download/install from https://www.getpostman.com/
  • Cloud host: A cloud host will be provided in the workshop (DigitalOcean). If you prefer to use your own that is fine. Options for getting your own cloud host can be found here
  • Slack - https://slack.com/ (optional, if you want to join the community)

Note: We will be editing configuration files and scripts on the cloud host. We will use the nano text editor in via the SSH terminal.

If you are comfortable with using Python locally on your computer, note the following recommendations: