Abhinav Saxena wrote this post as a project summary of his GSoC2018 experience.
What did we achieve? The following features and changes were implemented:
Migration of the codebase from Python 2.7 to Python 3.5 (issue #358, code: #374)
Implementation of FTP (RFC 959) and TFTP (RFC 1350) protocol stacks based on gevent (issue #352, code: ftp and tftp)
Implementation of an abstract filesystem that proxies and wraps an actual file system by providing os.
The Conpot development team is proud to announce the 0.5.0 release. Highlights of this release are the support for two new protocols and one additional device. Peter Soóky made a major contribution with support for the BACnet protocol, which is used for building automation and control networks, and support for IPMI, which is used as an interface to a computer subsystem that provides management and monitoring capabilities independently of the host system's CPU, firmware and operating system (consider the insights you can get from someone exploiting this).
The team working on the ICS/SCADA honeypot Conpot just merged more mature support for STIX (Structured Threat Information eXpression) formatted reporting via TAXII (Trusted Automated eXchange of Indicator Information) into the master branch on GitHub.
STIX allows us to represent event sessions captured by the honeypot in a structured format, which eases the integration of Conpot into existing consumer (e.g. SIEM) infrastructures.
By transforming an arbitrary honeypot event into a schema-defined format, we are able to communicate an incident in a language that is also understandable by someone not trained in interpreting industrial protocol messages.
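To make the mapping concrete, here is an added example (not Conpot's own reporting code) that turns a constructed session record into a STIX bundle. It assumes the session field layout shown in the sample and emits STIX 2.1 JSON objects rather than the XML-based STIX 1 the post refers to; the deterministic UUIDv5 identifiers follow the STIX 2.1 rule for cyber-observable objects, so repeated sightings of the same address deduplicate at the consumer.

```python
import json
import uuid

# STIX 2.1 namespace for deterministic SCO identifiers (UUIDv5).
STIX_SCO_NAMESPACE = uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7")

# Constructed sample of a captured session; the field layout is an assumption,
# not Conpot's actual log schema.
SAMPLE_SESSION = {
    "remote": ["203.0.113.7", 50234],
    "local": ["192.0.2.10", 502],
    "protocol": "modbus",
    "start_time": "2018-08-20T10:15:30Z",
    "end_time": "2018-08-20T10:15:31Z",
}

def sco_id(obj_type, contributing):
    """UUIDv5 over the canonical JSON of the ID-contributing properties, so the
    same address yields the same object id in every report."""
    canonical = json.dumps(contributing, sort_keys=True, separators=(",", ":"))
    return f"{obj_type}--{uuid.uuid5(STIX_SCO_NAMESPACE, canonical)}"

def ipv4(value):
    return {"type": "ipv4-addr", "spec_version": "2.1",
            "id": sco_id("ipv4-addr", {"value": value}), "value": value}

def session_to_stix(session, report_time):
    """Bundle: two addresses, the traffic between them and one observed-data
    SDO tying them to the capture window."""
    src, dst = ipv4(session["remote"][0]), ipv4(session["local"][0])
    traffic_props = {
        "start": session["start_time"], "end": session["end_time"],
        "src_ref": src["id"], "dst_ref": dst["id"],
        "src_port": session["remote"][1], "dst_port": session["local"][1],
        "protocols": ["tcp", session["protocol"]],
    }
    traffic = {"type": "network-traffic", "spec_version": "2.1",
               "id": sco_id("network-traffic", traffic_props),
               "is_active": False, **traffic_props}
    observed = {
        "type": "observed-data", "spec_version": "2.1",
        "id": f"observed-data--{uuid.uuid4()}",
        "created": report_time, "modified": report_time,
        "first_observed": session["start_time"], "last_observed": session["end_time"],
        "number_observed": 1,
        "object_refs": [src["id"], dst["id"], traffic["id"]],
    }
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}",
            "objects": [src, dst, traffic, observed]}
```

`json.dumps(session_to_stix(SAMPLE_SESSION, "2018-08-20T10:16:00Z"), indent=2)` yields the document a TAXII client would push to the collection.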
We proudly announce the first release of our Industrial Control System honeypot named Conpot.
Until now, setting up an ICS honeypot required substantial manual work, real systems which are usually either inaccessible or expensive, and the reading of quite tedious protocol specifications. By implementing a master server for a larger set of common industrial communication protocols and virtual slaves which are easy to configure, we provide an easy entry into the analysis of threats against industrial infrastructures and control systems.