Deploying Honeypots with Ansible and ELK

One problem that all security professionals have is staying ahead of the attacks. Honeypots help in this regard by gaining an insight into how the naydoers attack vulnerable systems. I therefore set out to create a reproduceable honeypot system that could be deployed to any target in a secure and reproduceable manner. The 2 requirements was to automate the installation of the honeypot software and to integrate the logging to a central system where the logs could be analysed.

vDOS analysis with ELK stack and Vagrant

vDOS was a booter service ran out of Israel allowing anyone to DDOS victims. In July 2016 Brian Krebs obtained a database dump from the booter service giving insight into the techniques used and victims of the service. You can see Brian’s posts here: https://krebsonsecurity.com/2016/09/alleged-vdos-proprietors-arrested-in-israel/ https://krebsonsecurity.com/2016/09/israeli-online-attack-service-vdos-earned-600000-in-two-years/ To analyse the database I’ve written a Vagrantfile which installs the ELK stack and uses logstash to put the vDOS log file into Elasticsearch, Kibana can then be used to analyse the data.