Two weeks ago I started a little experiment and set up the T-Pot honeypot collection on an AWS EC2 instance. This article describes what I’ve learned out analysing the collected data.
What is T-Pot?
T-Pot is a collection of dockerized versions of 18 honeypots (in T-Pot version 20.06) in combination with some powerful tools like the ELK stack for beautiful visualisation of all events captured by T-Pot.
Why is it of interest?
T-Pot is an easy way to collect all kind of information about ongoing cybersecurity threats without the hazzle of setting up a large amount of different systems by your own. The honeypots will pretend to be vulnerable servers and by doing so, invite automated attacks as well as manually hacking attempts.