Setting up T-Pot in AWS Cloud (2020)

What is T-Pot?

T-Pot is a collection of dockerized versions of 18 honeypots (in T-Pot version 20.06) in combination with some powerful tools like the ELK stack for beautiful visualisation of all events captured by T-Pot.

Why is it of interest?

T-Pot is an easy way to collect all kinds of information about ongoing cybersecurity threats without the hassle of setting up a large number of different systems on your own. The honeypots pretend to be vulnerable servers and, by doing so, invite automated attacks as well as manual hacking attempts.

How to set it up?

I decided to launch my T-Pot instance in the AWS cloud to learn more about AWS and its opportunities in general. An additional advantage is a relatively secure setup without risking too much of our own infrastructure. We can simply pull the plug on the system if something bad happens without losing anything of value.

What you need

  • AWS account
  • a working internet connection
  • SSH client on Linux or macOS, or something like PuTTY on Windows
  • some Linux command line skills
  • basic networking knowledge

Creating the EC2 Instance

We need to choose an AWS region where our instance will be located. I decided on Europe (Frankfurt), because I live in Germany and so I'm interested in current threats attacking Europe.

Setting up T-Pot

Open your terminal and navigate to the folder which contains the private key file you downloaded during the instance configuration.

# restrict the key file permissions, otherwise ssh refuses to use it
chmod 400 aws-key.pem
# log in to the instance (replace the address with your instance's public IP)
ssh -i aws-key.pem admin@18.185.248.57
# bring the base system up to date before installing
sudo apt update
sudo apt upgrade -y
# fetch the T-Pot installer from the official repository
sudo apt install git -y
git clone https://github.com/dtag-dev-sec/tpotce
cd tpotce
# run the installer; "user" is the non-interactive install type
sudo ./install.sh --type=user

Connecting to T-Pot

During the setup the auto installer changed many things on the system to make it far more attractive to potential attackers. One thing that has changed is the way you log in. You can no longer use port 22 to connect via SSH, so you need to change the network security rule inside the AWS management console.
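As an added example (not from the original post or the T-Pot project), the following script builds the security-group ingress rules this step calls for: the honeypot-facing ports stay open to the whole internet, while the administrative ports are reachable only from your own address, and a check function flags any rule set that would expose them to 0.0.0.0/0. It assumes T-Pot's 20.06 defaults of SSH on 64295, the web interface on 64297 and honeypot services on 1-64000; confirm these against your own installation.

```python
"""Generate AWS security-group ingress rules for a T-Pot instance.

Added example; not part of the original post or the T-Pot project.
Assumed T-Pot 20.06 defaults (verify on your instance):
  admin SSH 64295, web UI 64297, honeypot services on ports 1-64000.
The output has the IpPermissions shape the AWS CLI / boto3 accept, e.g.
  aws ec2 authorize-security-group-ingress --group-id sg-PLACEHOLDER \
      --ip-permissions file://rules.json
"""
import ipaddress
import json

ADMIN_SSH_PORT = 64295      # assumed T-Pot default, replaces port 22
ADMIN_WEB_PORT = 64297      # assumed T-Pot default for the web UI
HONEYPOT_MAX_PORT = 64000   # assumed upper bound of honeypot service ports
ANY_V4 = "0.0.0.0/0"


def _rule(proto, from_port, to_port, cidr, desc):
    return {"IpProtocol": proto, "FromPort": from_port, "ToPort": to_port,
            "IpRanges": [{"CidrIp": cidr, "Description": desc}]}


def tpot_ingress_rules(admin_cidr):
    """Admin ports only from admin_cidr; honeypot ports open to the world."""
    net = ipaddress.ip_network(admin_cidr, strict=False)
    if net.prefixlen == 0:
        raise ValueError("admin CIDR must not be the whole internet")
    admin = str(net)  # a bare address becomes a /32
    return [
        _rule("tcp", ADMIN_SSH_PORT, ADMIN_SSH_PORT, admin, "T-Pot admin SSH"),
        _rule("tcp", ADMIN_WEB_PORT, ADMIN_WEB_PORT, admin, "T-Pot web UI"),
        # Sensors must be reachable from anywhere, or nothing gets captured.
        _rule("tcp", 1, HONEYPOT_MAX_PORT, ANY_V4, "honeypot tcp"),
        _rule("udp", 1, HONEYPOT_MAX_PORT, ANY_V4, "honeypot udp"),
    ]


def exposed_admin_ports(rules):
    """Return admin ports that some rule opens to 0.0.0.0/0 (should be none)."""
    admin_ports = {ADMIN_SSH_PORT, ADMIN_WEB_PORT}
    exposed = set()
    for r in rules:
        if r["IpProtocol"] not in ("tcp", "-1"):   # "-1" = all traffic
            continue
        if not any(ip["CidrIp"] == ANY_V4 for ip in r["IpRanges"]):
            continue
        lo, hi = r.get("FromPort", 1), r.get("ToPort", 65535)
        exposed |= {p for p in admin_ports if lo <= p <= hi}
    return sorted(exposed)


if __name__ == "__main__":
    print(json.dumps(tpot_ingress_rules("203.0.113.7"), indent=2))
```

Replace 203.0.113.7 with the address you administer from; if that address changes, update the rule rather than widening it.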

Well known secret superhero - Cybersecurity enthusiast #OSCP #CEH 🧙‍♂️