Mazhar Imam Khan
Date/Time
Venue Details
KD 103

Abstract: A honey-pot is a deception toolkit, designed to hook an attacker attempting to compromise the production systems of any institute/organization. If designed and deployed correctly, a honey-pot can function as an advance surveillance tool as well as a threat intelligence collection mechanism. It can also be used to analyze the behavioral signature of the attackers trying to compromise a system and to provide useful insights into potential system loop-holes. This presentation consists of a Telnet Honeypot which acts as an IOT device whose image is built by own customized builds.The honeypot will be capable of recording plenty of information about the attacker, includ-
ing interactive TTY sessions recordings. All the attacks will be logged
which will help me to do active attack payload analysis to find common
patterns and gain intelligence. It will actually store the attempted login usernames and passwords in separate files and even the timing of the session will be recorded. It will also record all the logs of the attacker in separate files. In addition to this, the recorded passwords and usernames and all the captured IPs are shown visually using ELK. The major contributions in this project work includes:

1.  Lightweight model of Honeypot using C, Python and Twisted Python.

2. Integrating the project with ELK.

3. Capturing the drive-by-download based attacks and analysing those captured malwares.

Internal Speakers