MITRE ATT&CK technique T1068
Tactic: Credential Access, Defense Evasion, Lateral Movement, Privilege Escalation
Platform: Windows, Linux, Mac
- Set up fake resources using low-interaction or high-interaction honeypots
- Emulated or real operating systems, network protocols/services, or vulnerabilities
- Dionaea - A low-interaction honeypot to trap malware exploiting vulnerabilities exposed by services offered to a network. Dionaea emulates several protocols such as smb, sip, ftp, tftp, mssql, mysql, http, and uses libemu to detect shellcode.
- Glutton - All-eating honeypot
- Amun - A low-interaction honeypot, following the concepts of Nepenthes but extending it with more sophisticated emulation and easier maintenance.
- Conpot - ICS/SCADA honeypot
- Snare & Tanner - Successors to Glastopf web application honeypot.
- Sysdig
- MazeRunner community edition
- More: awesome-honeypots
- High Interaction Honeypots with Sysdig and Falco, Fishing for Hackers: analysis of a Linux Server Attack.