Setting Up a Honeypot in AWS and Analyzing Cyber Attacks (Check pinned comment for 2022 update)

Thank for the video Ryan!

This is such a sick walkthrough. Thanks so much for sharing it! Would be good to get a guide on setting up VMs in VirtualBox. I did this myself in the end but it was moderately painful :D

Yo! Thank you for this. I’m going to make a few tweaks and make a blog post on this.

Thank you for sharing this

PowerShell7 supports ssh btw. Also WSL is a good option.

Can you make a follow up as to why after shutting down the instance many of us are not able to get back into T-Pot. Appreciate it in advance.

No matter what I do I keep getting connection refused when trying to SSH into the machine for the first time. It is 2024 so I use Debian 12
1. I checked inbound rules and they are set correctly
2. I tried to connect with another AWS instance and it still would not work
3. I rebooted the instance and it did not work
4. I ensured I had the private key and it confirms I have the right one, still refuses connections
I am at a complete loss. Any help?

IMPORTANT UPDATE: Due to the honeypot github repo being updated you will need to use Debian 11 instead of Debian 10 now when you set up your AWS instance! If you do not do this you might get an error saying Debian buster is not supported.

Nice

Which IDS is used in intrusion detection?

Does everything that’s written in the terminal exactly the same as the terminal in linux virtual machine ?

The step at 21:51 , seems like I forgot the credentials, I tried a bunch of attempts and now it keeps on saying “unable to connect” and doesn’t prompt me to put in the credentials.
Is there a way to reset the credentials 😭?

Hey everyone!
I have successfully installed T-Pot whilst connecting to my AWS instance via SSH client (Linux Virtual Machine).
I can access the T-Pot dashboard, however I'm experiencing issues with accessing Kibana.
Can anyone help me or guide me towards fixing this issue? I have my project assignment due shortly, so immediate responses would be very appreciated!
Thank you in advance! :)

You set up a honeypot in Tokyo right, but why do you get a usa attacks?

I don't get hit with that warning window in order to sign in 21:44

Hey it isn't working for me?

Hello! I literally followed all the steps but when I try to access the web(ip:64297) , I get an error: "unable to connect.
Firefox can't establish....".
How do I fix this?

Can anyone help😔

Hi, I'm getting the error, Sorry Debian Buster is not supported please help. I followed all the same steps

When i wanted to clone from github, it asked for username and password and then fails to clone. Could someone please help.

Not able to connnect to port ssh 64295

I'd just like to interject for a moment. What you're refering to as Linux, is in fact, GNU/Linux, or as I've recently taken to calling it, GNU plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.
Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called Linux, and many of its users are not aware that it is basically the GNU system, developed by the GNU Project.
There really is a Linux, and these people are using it, but it is just a part of the system they use. Linux is the kernel: the program in the system that allocates the machine's resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called Linux distributions are really distributions of GNU/Linux!

fullstack