Attack Detection

Identity threat detection & response platform for Active Directory security

Identity threat detection and response solution for Active Directory

Identity security platform protecting identities across attack chains

HoneyFS is an LLM-powered honeypot tool that generates realistic fake file systems using GPT-3.5 to deceive attackers and enhance security analysis.

SSHGuard protects hosts from brute-force attacks by monitoring system logs, detecting attacks, and blocking attackers using a firewall.

GridPot is a honeypot framework that combines GridLAB-D, Conpot, and libiec61850 to simulate industrial control systems and detect attacks on power grid infrastructure.

Honeytrap is a low-interaction honeypot and network security tool with various modes of operation and plugin support for catching attacks against TCP and UDP services.

A honeypot designed to detect and analyze malicious activities in instant messaging platforms.

TANNER is a remote data analysis service that evaluates HTTP requests and generates responses for SNARE honeypots while emulating application vulnerabilities.

Hived is a honeypot tool for deceiving attackers and gathering information.

Medium interaction SSH honeypot for logging brute force attacks and shell interactions.

A Go-based honeypot that mimics Intel's AMT management service to detect and log exploitation attempts targeting the CVE-2017-5689 firmware vulnerability.

Ghost USB Honeypot emulates USB storage devices to detect and analyze malware that spreads via USB without requiring prior threat intelligence.

Troje is a honeypot that creates dynamic LXC container environments to attract and monitor attackers while recording their activities and system changes.

An Apache 2 based honeypot with detection capabilities specifically designed to identify and analyze Struts CVE-2017-5638 exploitation attempts.

A Java-based Bluetooth honeypot that captures and analyzes malware and attacks targeting Bluetooth-enabled devices.

An open source honeypot for NoSQL databases with support for Redis and additional features for detecting attackers and logging attack incidents.

A modified version of OpenSSH deamon forwarding commands to Cowrie for logging brute force attacks and shell interactions.

A cybersecurity concept categorizing indicators of compromise based on their level of difficulty for threat actors to change.

A Docker-based honeypot network implementation featuring cowrie and dionaea honeypots with centralized event collection, geolocation enrichment, and real-time attack visualization.

NotRuler is a tool for Exchange Admins to detect client-side Outlook rules and VBScript enabled forms, aiding in the detection of attacks created through Ruler.

BW-Pot is an interactive web application honeypot that deploys vulnerable applications to attract and monitor HTTP/HTTPS attacks, with automated logging to Google BigQuery for analysis.

Kippo is a medium interaction SSH honeypot with fake filesystem and session logging capabilities.

6Guard is an IPv6 attack detector sponsored by Google Summer of Code 2012 and supported by The Honeynet Project organization.