Join us for the Honeynet Workshop 2024: May 27th–29th, Copenhagen, Denmark

GSoC 2018 Project Summary: Conpot

18 Aug 2018 Daniel Haslinger conpot gsoc ics python scada
Abhinav Saxena wrote this post as a project summary of his GSoC2018 experience. What did we achieve? The following features and changes were implemented: Migration of the codebase from Python 2.7 to Python 3.5 (issue #358, code: #374) Implementation of FTP (RFC 959) and TFTP (RFC 1350) protocol stacks based on gevent (issue #352, code: ftp and tftp) Implementation of an abstract filesystem that proxies and wraps an actual file system by providing os.

Conpot 0.5.0 released

13 Nov 2015 Lukas Rist conpot honeypot ics scada
The Conpot development team is proud to announce the 0.5.0 release. Highlights of this release are the support for two new protocols and one additional device. Peter Soóky did a major contribution with support for the BACnet protocol, which is used for building automation and control networks, and support for IPMI, which is used an interface to a computer subsystem that provides management and monitoring capabilities independently of the host system’s CPU, firmware and operating system (consider the insights you can get from someone exploiting this).

Gas Tank Monitoring System Honeypot

09 Sep 2015 Lukas Rist conpot honeypot ics
The Conpot team is following closely the latest developments in Honeypot research and the methods and technologies used. If you look at the topics presented on security conferences, you might have also noticed an increased interest in ICS security and honeypot technologies in the last two years. One presentation from this years Blackhat’15 conference caught my attention also knowing previous research done by Kyle and Stephen: “The little pump gauge that could: Attacks against gas pump monitoring systems” [link] If you are interested in their findings, I recommend their white paper: “The GasPot Experiment: Unexamined Perils in Using Gas-Tank-Monitoring Systems“ [link, pdf] by Kyle Wilhoit and Stephen Hilt from Trend Micro’s Forward-Looking Threat Research team.

Interview with Lukas Rist, creator of Conpot ICS honeypot and speaker at the Honeynet Workshop 2015

24 Apr 2015 Leon van der Eijk conpot workshop
Lukas Rist is a software engineer with Blue Coat Norway where he develops behavioral malware analysis systems. In his spare time, he works on web application and ICS/SCADA honeypots and botnet monitoring tools under the umbrella of the Honeynet Project where he is also a Director. He recently developed an interest in deployment automation, ephemeral file systems and exotic industrial communication protocols. 1) What was your motivation to enter Information Security field, and who inspired and helped you along the way?

Get STIX Reports from ICS Honeypot Conpot

06 Aug 2014 Lukas Rist conpot honeypot ics scada stix taxii
The team working on the ICS/SCADA honeypot Conpot, just merged in a more mature support for STIX (Structured Threat Information eXpression) formatted reporting via TAXII (Trusted Automated eXchange of Indicator Information) into the master branch on Github. STIX allows us to represent event sessions captured by the honeypot in a structured format, which eases the integration of Conpot into existing consumer (e.g. SIEM) infrastructures. By transforming an arbitrary honeypot event into a schema defined format, we are able to communicate an incident in a language, which is also understandable by someone not trained in interpreting industrial protocol messages.