Detection of critical infrastructure devices on the public Internet

Supervisory Control and Data Acquisition (SCADA) systems are sometimes exposed on the public Internet. It is possible to quickly and efficiently identify such exposed services. They are commonly part of critical infrastructure, so they need to be protected against cyber attacks. In the past, researchers have scanned the Internet to detect such...

Social Honeypot for Humans: Luring People Through Self-managed Instagram Pages

Social Honeypots are tools deployed in Online Social Networks (OSN) to attract malevolent activities performed by spammers and bots. To this end, their content is designed to be of maximum interest to malicious users. However, by choosing an appropriate content topic, this attractive mechanism could be extended to any OSN users, rather than...

Measuring the Impact of Certificate Transparency on Scanning Traffic

Certificate transparency (CT) is a system that publishes all issued certificates so that they can be audited and monitored by any party. This allows to detect mis­issued certificates quickly and catch the misbehaving certificate authorities. CT makes the certificate ecosystem more transparent and less reliant on trust that trusted certificate...

MD-Honeypot-SSH: Gathering Threat Intelligence Data during the SSH Handshake

With the amount of network connected devices every increasing, and many of them running the Secure Shell (SSH) protocol to facilitate remote management, research into SSH attacks is more important than ever. SSH honeypots can be used to act like vulnerable systems while gathering valuable data on the attacker and its methods in the meantime. The...

Disposable Botnets: Long-term Analysis of IoT Botnet Infrastructure

Large botnets made up of Internet-of-Things (IoT) devices have a steady presence in the threat landscape since 2016. However, it has not explained how attackers maintain control over their botnets. In this paper, we present a long-term analysis of the infrastructure of IoT botnets based on 36 months of data gathered via honeypots and the...

MD-Honeypot: On Adversarial Choices in DRDoS attacks

The Internet has grown from a few interconnections of trusted parties to an incredibly large network with many different use cases. While the Internet grew, threats emerged as well. Although there are many different threats on the Internet, Distributed Denial of Service (DDoS) attacks are a threat that keeps rising in the threat landscape. The...

Honeytrack: Persistent honeypot for the Internet of Things

The number of Internet of Things devices, small low-powered devices with internet connectivity, is undergoing strong growth. As connected devices become the standard, more types of devices are connected to home networks and made accessible from the Internet for convenience. As IoT devices are widely deployed in mass numbers, they can be easily...

Extending Honeytrap with Lua scripting: Honeytrap LUA implementation

This report describes the process, motivation and design choices made during the Bachelor End Project in collaboration with DutchSec. The project consists of implementing Lua-scripting into Honeytrap, which is programmed in Go. The following chapters will discuss which design choices were made, how the research was performed and how the final...

Understanding Security Flaws of IoT Protocols through Honeypot Technologies: ThingPot-an IoT platform honeypot

Internet of Things (IoT) devices are gaining popularity in daily life as well as in specific fields such as home automation, medical facilities, among others. Many applications can be developed in each domain and new ones appear everyday, requiring a flexible, simple and secure interconnection among "things" [38]. Moreover, IoT platforms could...