Cloud-Based Honeypots

Cloud-Based Honeypots

Introducing honeypots as a tool for the forensic practitioner’s toolbox showing how to deploy a simple cloud-based honeypot and our results after one month.

Honeypots are generally regarded as a tool of the security practitioner and researcher but they also offer advantages that forensic practitioners will find valuable. A honeypot is a system designed to attract adversaries and monitor interactions. Honeypots have no legitimate use and so inter actions are considered illegitimate. Interactions include keystrokes, network activity and more. They are a useful way to learn about adversaries by offering a view of their motives, tools, techniques and operational capability. By luring in adversaries they also deflect attacks from production infrastructure and give insight to attacks that might be used against these systems.