Next-Gen Honeypot - DejaVU Deception System
If you have been interested in honeypot systems before, you have probably seen the Deception System. The Deception System is a decoy creator with many options. Decoys are deployable anywhere on the network and are created very quickly. Its biggest advantage is that it is open source.
To ease the management of decoys, they built a web-based platform that can be used to deploy, administer and configure all the decoys effectively from a centralized console. Let's dive into the DejaVU Deception System!
DejaVU Engine: This is used to deploy the decoys.
The engine can deploy two types of decoy: Server Decoy and Client Decoy. On the server side there are many service options: MYSQL, SNMP, TELNET, SMB, FTP, ICS-S7COMM, TFTP, WEB SERVER (Tomcat, Apache, Basic Web Auth), MSSQL, ICS-MODBUS, HONEYCOMB, SSH (Noninteractive, Interactive), VNC, RDP.
On the client side, the NBNS Client, SSDP Client, ARP-MITM Client and Email Client options are available.
We will use the DejaVU Engine interface to deploy a new decoy that includes SSH and a web server. By the way, we can choose whether the decoy is internal or external.
After the deployment we can access the decoy over SSH. We try the root username with a random password, and it grants us access on the first password.
Now we are inside the decoy. We executed some commands, like cat /etc/passwd.
After this connection we will try to connect to the Tomcat server on the default port 8080.
And we can reach it. We can give the decoy a web page, and it can be used as a login page for our trap.
After all these events we go to the console interface and check our activities.
We can see all logs for the decoy machine. If necessary, we can download the pcap file and analyze all activities of the attacker. We can also check the attack map in the Attack Graph field.
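A first triage pass over a downloaded capture, as an added example that is not part of the original post or of DejaVU's own code: it counts new TCP connection attempts per source address against the decoy's services. It assumes the download is a classic libpcap file with Ethernet framing; port 22 for SSH, the 192.0.2.10 decoy address and the sample capture are constructed for illustration, while 8080 is the Tomcat port used above.

```python
import socket
import struct
from collections import Counter

# Assumption: SSH decoy on default port 22; 8080 is the Tomcat port from the walkthrough.
DECOY_PORTS = {22: "ssh", 8080: "tomcat"}

def decoy_contacts(pcap, ports=DECOY_PORTS):
    """Count TCP SYNs (new connection attempts) per (source IP, decoy service)."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("unsupported format (expected classic microsecond pcap)")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    hits, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # keep only IPv4 packets carrying TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(tcp) < 14:
            continue  # truncated TCP header
        dport, flags = struct.unpack("!H", tcp[2:4])[0], tcp[13]
        if dport in ports and (flags & 0x12) == 0x02:  # SYN set, ACK clear
            hits[(socket.inet_ntoa(frame[26:30]), ports[dport])] += 1
    return hits

def sample_pcap():
    """Constructed capture: 5 minimal Ethernet/IPv4/TCP frames, checksums zeroed."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    packets = [("198.51.100.7", 22, 0x02), ("198.51.100.7", 22, 0x02),
               ("198.51.100.7", 8080, 0x02), ("198.51.100.7", 22, 0x10),
               ("203.0.113.5", 443, 0x02)]
    for src, dport, flags in packets:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton("192.0.2.10"))
        tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, flags, 1024, 0, 0)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for (src, service), n in decoy_contacts(sample_pcap()).items():
        print(f"{src} -> {service}: {n} connection attempt(s)")
```

Since nothing legitimate should ever connect to a decoy, every source address in the result is worth investigating; the ACK-only packet and the port 443 packet in the sample are deliberately ignored.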
If you have a mail server, you can use a mail trigger for malicious activities.
This is an easy-to-deploy, open-source solution for placing decoys everywhere on the network.