Stream: Virtual Room 7
Time: 10:00 - 10:45
In this session, I'll share my experience deploying a dynamic mainframe honeypot environment using modern deception techniques. At the core of this setup is eZMainframe, a Python-based simulator that mimics traditional 3270 terminal interactions and handles both ASCII and EBCDIC payload parsing via my eZproxy tool. Though still in alpha, it holds great potential for education and security research.
I'll discuss how I used AI to accelerate the creation of the simulator components, intrusion detection systems (IDS) and analysis tools, in particular the integration of eZIDS, which enhances detection by correlating network events with geolocation data and known malicious IPs, and presents real-time data and password attempts on a dashboard.
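The two handling steps described above, telling ASCII from EBCDIC payloads and tagging events against a known-malicious IP list, are shown here as an added example. This is illustrative code written for this page, not eZproxy, eZMainframe or eZIDS code; the printable-ratio heuristic, the `HoneypotEvent` record, the `KNOWN_BAD_IPS` set and the sample captures are all constructed assumptions, and IBM code page 037 (Python's `cp037` codec) is assumed as the EBCDIC variant.

```python
"""Added example, not eZproxy/eZMainframe/eZIDS code: classify a captured
TN3270 payload as ASCII or EBCDIC, decode it, and tag the event against a
known-bad IP set. Heuristic, event format and sample data are constructed."""
import string
from dataclasses import dataclass

# Assumption: the session carries IBM code page 037, the usual US/UK EBCDIC variant.
EBCDIC_CODEC = "cp037"
PRINTABLE = set(string.printable) - set("\x0b\x0c")


def printable_ratio(text: str) -> float:
    """Share of characters that are printable ASCII (0.0 for empty text)."""
    if not text:
        return 0.0
    return sum(ch in PRINTABLE for ch in text) / len(text)


def classify_payload(data: bytes) -> tuple[str, str]:
    """Decode under both ASCII and EBCDIC and keep the more printable result.

    Ties fall to ASCII. Undecodable ASCII bytes are replaced with U+FFFD, which
    lowers that candidate's printable ratio instead of raising an exception.
    """
    ascii_text = data.decode("ascii", errors="replace")
    ebcdic_text = data.decode(EBCDIC_CODEC)
    if printable_ratio(ebcdic_text) > printable_ratio(ascii_text):
        return "ebcdic", ebcdic_text
    return "ascii", ascii_text


@dataclass
class HoneypotEvent:
    src_ip: str
    encoding: str
    text: str
    known_bad: bool


# Constructed blocklist standing in for a threat-intelligence feed (documentation range).
KNOWN_BAD_IPS = {"198.51.100.7"}


def record_event(src_ip: str, payload: bytes,
                 known_bad_ips: set[str] = KNOWN_BAD_IPS) -> HoneypotEvent:
    """Build the event a dashboard or IDS would consume for one captured payload."""
    encoding, text = classify_payload(payload)
    return HoneypotEvent(src_ip, encoding, text.strip(), src_ip in known_bad_ips)


if __name__ == "__main__":
    # Constructed captures: an ASCII probe and an EBCDIC TSO logon attempt.
    samples = [
        ("203.0.113.5", b"LOGON IBMUSER\r\n"),
        ("198.51.100.7", "LOGON IBMUSER".encode(EBCDIC_CODEC)),
    ]
    for ip, raw in samples:
        print(record_event(ip, raw))
```

The printable-ratio check is deliberately crude: an ASCII payload decoded as cp037 turns letters into accented Latin-1 characters and punctuation, while an EBCDIC payload decoded as ASCII is almost entirely replacement characters, so the two candidates are easy to separate. A real proxy would also honour the TN3270E negotiation and strip 3270 data-stream orders before decoding.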
During the week-long 'bombardment', the honeypot actively captured attacker IP addresses, logged their actions, and recorded detailed interactions. The setup blends the simulator with a fabricated domain and some Shodan information to lure and engage potential attackers.
Attendees will gain insights into the deployment process, key discoveries, trends across the week, and lessons learned. I'll also cover setup and monitoring methods, highlighting why this makes for an engaging and unique cyber threat intelligence project with a mainframe twist. All the tools, including the simulator, which I have made as simple to deploy as possible, will be freely available as open source via my GitHub repository for anyone interested in exploring and building upon them.
There is currently no attachment for My Mainframe Honeypot - A week of constant bombardment.
Cyber Threat Intelligence Manager and Cyber Mentor at NatWest

Threat Intelligence Manager, Cyber Mentor, Penetration Tester, mainframe enthusiast, and author using my 30+ years of experience to pass on my knowledge as best I can! I've worked in financial services for 20 years and consultancy for the other 10, mostly in Offensive Cyber Security and Technical Risk Management. I started working with mainframes just under three years ago and I find them fascinating as well as vital. I'm currently writing a book for No Starch Press on Mainframe Hacking. I'm lucky enough to be part of the Mainframe Hackers Society.