I wanted to share a project I've been working on that I think you'll find really interesting. It's called Beelzebub, an open-source honeypot framework that uses LLMs to create incredibly realistic and dynamic deception environments.
By integrating LLMs, it can mimic entire operating systems and interact with attackers in a super convincing way. Imagine an SSH honeypot where the LLM provides plausible responses to commands, even though nothing is actually executed on a real system.
The goal is to keep attackers engaged for as long as possible, diverting them from your real systems and collecting valuable, real-world data on their tactics, techniques, and procedures. We've even had success capturing real threat actors with it!
I'd love for you to try it out, give it a star on GitHub, and maybe even contribute! Your feedback,
especially from an LLM-centric perspective, would be incredibly valuable as we continue to develop it.
You can find the project here:
GitHub:https://github.com/mariocandela/beelzebub
Research using beelzebub on public network: - https://beelzebub-honeypot.com/blog/how-cybercriminals-make-money-with-cryptojacking/
- https://beelzebub-honeypot.com/blog/ssh-llm-honeypot-caught-a-real-threat-actor/
Let me know what you think in the comments! Do you have ideas for new LLM-powered honeypot features?
Thanks for your time!
mariocandela•8mo ago
Research using beelzebub on public network: - https://beelzebub-honeypot.com/blog/how-cybercriminals-make-...
- https://beelzebub-honeypot.com/blog/ssh-llm-honeypot-caught-...