  • Cross-Cloud Adversary Analytics Using Heisenberg Honeypots


    Heisenberg Cloud is a Rapid7 Labs research project with a singular purpose: understanding what attackers, researchers, and organizations are doing in, across, and against cloud environments. This research is based on data collected from a new, Rapid7-developed honeypot framework called Heisenberg along with internet reconnaissance data from Rapid7's Project Sonar. Heisenberg honeypots are a modern take on the seminal attacker detection tool. Each Heisenberg node is a lightweight, highly configurable agent that is centrally deployed using well-tested tools, such as Terraform, and controlled from a central administration portal. Virtually any honeypot code can be deployed to Heisenberg agents, and all agents send back full packet captures for post-interaction analysis.

    One of the main goals of Heisenberg is to understand attacker methodology. All interaction and packet capture data is synchronized to a central collector, and all real-time logs are fed directly into Rapid7's Logentries for live monitoring and historical data mining.


    This paper is the product of nearly a year's worth of opportunistic credential scanning data collected from Heisenberg, Rapid7's public-facing network of low-interaction honeypots. This report is focused on identifying the credentials attackers use when they try to hack internet-connected systems.
