Abstract: A honey-pot is a deception toolkit designed to hook an attacker attempting to compromise the production systems of an institute or organization. If designed and deployed correctly, a honey-pot can function as an advance surveillance tool as well as a threat intelligence collection mechanism. It can also be used to analyze the behavioral signature of attackers trying to compromise a system and to provide useful insights into potential system loopholes. This thesis improves honey-pot methodologies and introduces new techniques for implementing types of honey-pots that do not yet exist in the literature or in the product space. The unique contributions of this thesis include the implementation of HoneySMB (a honey-pot for the SMB protocol), HoneyWEB with an SQL-injection vulnerability, and HoneyDB (a honey-pot for the MySQL database). Coincidentally, the recent outbreak of the "WannaCry" ransomware exploited a bug in the Microsoft SMB version 1 implementation. In addition to the design, implementation and deployment of these new types of honey-pots, and the analysis of the collected threat intelligence, this thesis also includes our additional work on a new Honey-Client, a client-side honey-pot, and a way to break the Android sandboxing environment.
MTech Thesis Defences
Nishit Majithia, 15111024