GCC Global Cybersecurity Camp

GCC 2021 Online Lecture 2

Implementation of Home T-Pot

Abstract

T-Pot is based on a vanilla Ubuntu 14.04.02 ISO image. The honeypot daemons, as well as the other support components we used, have been paravirtualized using docker. This allows us to run multiple honeypot daemons on the same network interface without problems and makes the entire system very low maintenance.
The encapsulation of the honeypot daemons in docker provides a good isolation of the runtime environments and easy update mechanisms.

In T-Pot we combine existing honeypots (glastopf, kippo, honeytrap and dionaea) with the network IDS/IPS suricata, the data monitoring and visualization triple elasticsearch-logstash-kibana, and our own data submission tool ewsposter, which now also supports hpfeeds honeypot data sharing.

Trainer

Name: Mohammad Zahir bin Mat Salleh
Bio:
Mohammad Zahir acquired his Master’s degree in Computer Networking at Technology MARA University (UiTM Shah Alam) in 2014 and is currently doing his PhD in IT at UniKL MIIT.

In 2009, Mohammad Zahir finished his studies at Kuala Lumpur University and acquired the Degree of Network System.

Mohammad Zahir has accumulated 11 years of experience in real working environments, applying his Information Technology (IT) knowledge in areas such as network and ICT security.

He started as an apprentice in 2009 at MIMOS Berhad under the Network Team and then moved up to Junior System Engineer at AIG Global Services, also attached to the NOC (Global Network Operation Center).

From 2010, he worked as a Network Engineer at one of Malaysia's public universities (IIUM or UIAM) for nearly eight years. During his eight years at the university, he also gained experience supervising a large-scale higher education environment, planning and managing daily network, wireless and ICT security operations.

He resigned from government service and returned to the private sector, joining GFM Services Berhad, one of the top facilities management companies in Malaysia, as an IT Engineer. There he leveraged all his ICT experience to build up a data center and the best ICT infrastructure to support the clients, and was involved in digitalization from manual processes to computerized systems.

He then moved to Maybank, one of the top banking institutions in Malaysia, where he was in charge of WAN operations.

Mohammad Zahir now holds the position of Cyber Security Solution and Engineering at one of the telco companies in Malaysia, under Cyber Security Operation at CISO.
