Skip to content
/ honeypot-vm Public
forked from xspatrian/honeypot-vm

This project is build for Trap the hackers from all over the world .

License

MIT license
1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

0xcris7prp/honeypot-vm

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
screenshots
screenshots
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
failedrdp_CL
failedrdp_CL
 
 
honeypot_report.pdf
honeypot_report.pdf
 
 
powershell_script.ps1
powershell_script.ps1
 
 
script.md
script.md
 
 

Repository files navigation

honeypot-vm

This project is build for Trap the hackers from all over the world .

Description

The Powershell script in this repository is responsible for parsing out Windows Event Log information for failed RDP attacks and using a third party API to collect geographic information about the attackers location.

The script is used in this demo where I setup Azure Sentinel (SIEM) and connect it to a live virtual machine acting as a honey pot. We will observe live attacks (RDP Brute Force) from all around the world. I will use a custom PowerShell script to look up the attackers Geolocation information and plot it on an Azure Sentinel Map!

Tools and resources utilized

  1. Azure cloud service
  2. RDP
  3. ipgeolocation API key

Languages Used

  • PowerShell: Extract RDP failed logon logs from Windows Event Viewer

Utilities Used

  • ipgeolocation.io: IP Address to Geolocation API

Report

report

World map of incoming attacks after 24 hours (geodata)

Alt text

About

This project is build for Trap the hackers from all over the world .

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • PowerShell 100.0%