RiotPot: A Resilient Honeypot Security System for IoT and OT

About RiotPot

RiotPot is a powerful elastic honeypot system. RiotPot is mainly aimed at IoT and OT protocols, and supports user interaction.

RiotPot supports a plug-in mechanism. Services can be loaded into the honeypot in the form of plug-ins, making RIoTPot a modular and portable honeypot system. Services are loaded at runtime, which means that the honeypot's footprint will change depending on the situation, and loaded services (such as HTTP) will only be used when needed. Therefore, we strongly recommend that researchers customize their own binaries according to their needs.

System Architecture

RiotPot has a modular architecture to support scalability of RiotPot honeypots. In addition to this, the honeypot also provides a hybrid interaction function where the user can select the desired level of interaction for the simulated protocol. The figure below shows the high-level architecture of RIoTPot:

Noise filtering

RiotPot’s Noise Filter module filters attacks from Internet scanning engines to reduce noise and false positives. With the help of this module, an attack is marked as “benign” when it comes from a source such as Shodan. The list of scanning services supported by RiotPot is as follows:

Shodan (https://www.shodan.io/)

Censys (https://censys.io/)

Project Sonar (https://www.rapid7.com/research/project-sonar/)

LeakIX (https://leakix.net/)

ShadowServer (https://www.shadowserver.org/)

RWTH Aachen (http://researchscan.comsys.rwth-aachen.de/)

Quadmetrics (https://www.quadmetrics.com/)

BinaryEdge (https://www.binaryedge.io/)

ipip.net (https://en.ipip.net/)

Arbor Observatory (https://www.arbor-observatory.com/)

CriminalIP (https://security.criminalip.com/)

BitSight (https://www.bitsight.com/)

InternetTT (http://www.internettl.org/)

ONYPHE (https://www.onyphe.io/)

Natlas (https://github.com/natlas/natlas)

Net Systems Research (https://www.netsystemsresearch.com/)

Sharashka (https://sharashka.io/data-feeds)

Alpha Strike Labs (https://www.alphastrike.io)

Stretchoid (http://stretchoid.com/)
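
One way such labelling can work, as an added example (not RiotPot's own code): match each connection's source address against prefixes attributed to the scanning services. The ScannerRange type, the Label function and the documentation-range prefixes are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
)

// ScannerRange maps a scanning service to one of its source prefixes.
// Hypothetical type, not part of RiotPot.
type ScannerRange struct {
	Service string
	Prefix  netip.Prefix
}

// Constructed sample data: RFC 5737 / RFC 3849 documentation prefixes stand
// in for the ranges a real deployment would obtain for each service.
var sampleRanges = []ScannerRange{
	{"Shodan", netip.MustParsePrefix("192.0.2.0/25")},
	{"Censys", netip.MustParsePrefix("198.51.100.0/24")},
	{"ONYPHE", netip.MustParsePrefix("2001:db8:5c::/48")},
}

// Label returns ("benign", service) when src falls inside a known scanner
// prefix and ("unknown", "") otherwise. Unparseable input is never benign.
func Label(src string, ranges []ScannerRange) (string, string) {
	addr, err := netip.ParseAddr(src)
	if err != nil {
		return "unknown", ""
	}
	addr = addr.Unmap() // treat ::ffff:a.b.c.d like a.b.c.d
	for _, r := range ranges {
		if r.Prefix.Contains(addr) {
			return "benign", r.Service
		}
	}
	return "unknown", ""
}

func main() {
	// Constructed connection sources, as a honeypot service might log them.
	sources := []string{"192.0.2.17", "::ffff:198.51.100.9", "203.0.113.80", "2001:db8:5c::1", "not-an-ip"}
	for _, src := range sources {
		label, svc := Label(src, sampleRanges)
		fmt.Printf("%-22s %-8s %s\n", src, label, svc)
	}
}
```

Labelling the event instead of dropping it keeps the record available for review if a prefix list turns out to be stale.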

Tool installation

Our philosophy is to make RIoTPot highly portable, and we strongly recommend using Docker to run RiotPot in a virtualized self-contained network.

RiotPot is written in Go, so we first need to install and configure a Go environment on the system.

First, create a folder in your local file system:

$ mkdir -p $GOPATH/src/github.com

Change to that directory in the command line terminal:

$ cd $GOPATH/src/github.com

Use the following command to clone the project source code locally:

$ git clone git@github.com:aau-network-security/riotpot.git

Then switch to the riotpot directory:

$ cd riotpot

Docker usage

In RiotPot’s development directory, there is a docker-compose file:

$ cd ~/riotpot/deployments && ls -al

...

-rw-r--r-- docker-compose.yml

...

This file describes the software development environment.

The docker-compose.yml file will build the project in a private virtual network with three hosts: riotpot, postgres, and tcpdump. postgres contains a Postgres database, tcpdump contains a packet capturer, riotpot contains the application itself, and the three can interact with each other. Enter the following command in the terminal to develop and test RiotPot locally:

$ docker-compose -f docker-compose.yml up -d --build

After using the honeypot, you can use the following command to close the container:

$ docker-compose down -v

Docker Hub image

# Grab and run the latest release of the riotpot consumer image

# detached from the console with -d.

$ docker run -d riotpot-docker:latest

Local use

We can also build the binary ourselves from the project source code. Navigate to the project directory, then use the Go command-line tool to build it; as written, the command below places the binary at ./riotpot in the project directory:

# build the binary as ./riotpot in the project directory

$ go build -o riotpot cmd/riotpot/main.go

Alternatively, we can also install RiotPot directly on the local system using the following command:

# installs riotpot at $GOPATH/bin

$ go install

Then run RiotPot directly:

$ ./riotpot

Project address

RiotPot: GitHub Portal (https://github.com/aau-network-security/riotpot)

