Low interaction
  Pros:
    - Easy to deploy
    - Service or system emulation
    - Easy to monitor
  Cons:
    - Attacks are limited
    - Easily detectable
    - Restricted IOC

High interaction
  Pros:
    - Detection of advanced events and new exploits
    - Highly customizable
    - Difficult to detect by an attacker
    - Rich IOC
  Cons:
    - Risky
    - Complex implementation
    - Need for an architecture

On the Value of the Honeypot - Arnaud Zobec
2018 Nov 8 - 2019 Jan 24
(78 days)
https://www.oceanhole.xyz/d
https://www.oceanhole.xyz/d3
https://www.oceanhole.xyz/xg.n.tgz
https://www.oceanhole.xyz/xg.n.tgz#.cf
xmrigCC
https://www.oceanhole.xyz/xg.n.tgz#b
https://www.oceanhole.xyz/xg.n.tgz#kernelupd
oceanhole.xyz
vpn.oceanhole.xyz
host.oceanhole.xyz
80: xmr-node-proxy
40929: SSH
Questions?