RST Honeypot Network
RST Cloud’s Honeypot Network provides comprehensive, real-time threat intelligence through advanced automated detection and analysis of threats worldwide. Our service delivers fresh, actionable data on global web threats, covering key regions, including Australia, the United States, South Africa, Hong Kong, India, Japan, South Korea, Singapore, Indonesia, Malaysia, Canada, Switzerland, Ireland, the United Kingdom, France, the UAE, Bahrain, and Brazil.
External Threat and Automated Attack Monitoring
Our Honeypot Network is designed to detect and analyse automated attacks originating from malicious IP addresses, complementing the RST Threat Feed with the most relevant data on active threats and their indicators of compromise. This empowers organisations with timely, actionable insights to enhance their defences against evolving cyber threats.
We monitor an extensive range of threats, from network scanning and brute-force attempts to sophisticated web application attacks. Our detection capabilities cover a wide array of known automated threats, including:
- Network Scanners and Vulnerability Assessment Tools: Recognises tools like Zgrab, Nikto, sqlmap, Nessus, Nmap, Arachni, Metasploit, OpenVAS, Skipfish, W3af, Acunetix, etc.
- Reconnaissance and Exploitation Tools: Detects reconnaissance tools like HTTrack, WebInspect, Netsparker, Burp Suite, AppScan, Zap, Vega, WebShag, Paros, etc.
- Brute Force and Fingerprinting Tools: Identifies tools like Dirbuster, Masscan, SSLScan, WhatWeb, Hydra.
Web Attack Detection and Protection
The RST Honeypot Network functions as a robust source of knowledge about web attacks, monitoring for threats such as:
- Remote Code Execution (RCE)
- Sensitive Data Exposure
- Security Misconfiguration
- SQL Injections (e.g., EXECUTE, HAVING, Chained SQL)
- Cross-Site Scripting (XSS)
- Path/Directory Traversal
- JavaScript and DOM Manipulation Attacks
- Cross-Site Request Forgery (CSRF)
- Shellcode Injection and Directory Attacks
- Unauthorised System Access Attempts
- Various encoding and obfuscation-based attacks
These capabilities enable organisations to proactively block or mitigate known and emerging threats across diverse sectors and regions.
Information Extraction and Analysis
RST Cloud’s honeypot infrastructure captures essential threat intelligence to support proactive cybersecurity measures:
- Callback Extraction: Identifies exploit callbacks and payload download sources, monitoring malicious communication attempts.
- Scanner Identification: Detects reconnaissance and automated scanning tools, allowing organisations to stay alert to incoming probes.
- Shell Injections and Botnet Payload Sources: Tracks shell injections and botnet payload downloads (e.g. Mozi), aiding in the detection of compromised systems and botnet activity.
The RST Honeypot Network empowers security teams with actionable intelligence, enabling rapid response to global threat activity and improving organisational defences against automated and targeted cyber threats.