Honeypot Design and Analysis

You have just secured your first job as a Forensic Investigator in the Cyber Security field with a tier-one management
and technology consultancy (hypothetical scenario). Your new firm has just onboarded a new corporate client
(customer), a fast-growing cloud provider that lacks certain domain-specific expertise.
The firm and your supervisor, knowing how capable and motivated you are, have assigned you the first major task to
be completed for the new client.
They have asked you to investigate and write a report (3000 words) informing them of what adversaries are
currently doing to attack networks (not the client’s network). Specifically, you are to use your own
Honeypot to capture attack attempts, etc., and then relay what you did and your findings in the report.
This is an independent piece of coursework. It is expected that you take responsibility for all of the design,
implementation (i.e., correct and error-free setup), analysis of results and writing of the report.
Your report should include at least the following two elements:

  1. The design of your Honeypot. Note that the design and how you implement it are open-ended (up to you);
    you may use existing Honeypot technology. Also note that a Honeypot is designed to collect
    intelligence on attacker behaviours. This means you want to collect as wide a dataset as possible (logs, etc.),
    but you also need to make your Honeypot “stealthy” to ensure that hackers do not leave too quickly.
  2. The analysis of your results. You need to analyse, reason about, and discuss the results of your Honeypot.
    Some suggestions of things that might be useful, but not an exhaustive list, are the following:
    a. Who are the attackers and where are they located? What attacks are attackers deploying?
    b. How did they get in? Any common patterns or methods?
    c. What do attackers do once they are inside your Honeypot? What are their objectives?
    d. What can we learn that could be used to defend networks and systems?