An update from the Honeynet Project
Four months after the Honeynet Project's public announcement, the first wave of research output is appearing. A short note on what has been published and what it changes for practitioners.
Long-form thinking on cyber defence, detection, and resilience — from Slackware-era honeypots through to AI-driven SOC analytics.
Showing posts tagged deception — 7 results.
Five months of running the high-interaction honeypot. The captures continue to be the highest-value source of post-compromise intelligence I have access to. Three more sanitised observations and what each teaches.
Six weeks of running the new high-interaction honeypot has produced exactly the kind of post-compromise data I was hoping for. Three sanitised observations from the logs, with the lessons each one teaches.
After a year of running my small honeypot and reading the Honeynet conversations, I am rebuilding from scratch. The new architecture takes a different approach — high interaction in a contained environment — and the design choices are worth writing down before I commit to them.
Lance Spitzner has started a small private mailing list for people interested in deploying honeypots seriously. I have just joined. The early threads are some of the most interesting writing I have read on the discipline.
DTK is the right place to start. A weekend later, here is the much smaller honeypot I have written myself, what it logs, and the design decisions that turned out to matter.
Fred Cohen's Deception Toolkit is the first publicly available honeypot, and a small revolution in how we should be thinking about defence. I spent a weekend running it, and now I cannot stop thinking about it.