Furthering our understanding of the attacker mindset

An Introduction to Project Heisenberg

Project Heisenberg began in 2014 with a singular purpose: understand what attackers, researchers, and organizations are doing in, across, and against cloud environments. It does this by deploying low interaction honeypots—or computers that do not solicit services—globally and recording telemetry about connections and incoming attacks to better understand the tactics, techniques, and procedures used by bots and human attackers.

Over the years, Project Heisenberg’s impact has been two-fold: First, it has enabled us to provide a rational, objective assessment of attacker behaviors and their potential impacts. This helps establish relationships with other internet-scale researchers to create forums for collaboration and confirmation when new threats arise. Second, insights extracted from Heisenberg have raised awareness about the depth and breadth of determined attackers, opportunistic attackers, organizational misconfigurations, and what security researchers are poking for on the internet. You can explore these insights in Rapid7 studies such as Off the Chain: Observing Bitcoin Nodes on the Public Internet, The Attacker's Dictionary, and our Quarterly Threat Reports, and see them put into practice with groundbreaking Attacker-Based Analytics in our InsightIDR product.




The Heisenberg honeypot framework is a modern take on the seminal attacker detection tool: Each Heisenberg node is a lightweight, configurable agent that is centrally deployed using well-tested tools and controlled from a central administration portal. Virtually any honeypot code can be deployed to Heisenberg agents, and all agents send back full packet captures for post-interaction analysis. Currently, we have deployed over 150 honeypots worldwide, across 5 continents.

All interaction and packet capture data is synchronized to a central collector, and all real-time logs are fed directly into Rapid7 products for live monitoring and historical data mining. When an unsolicited connection attempt is made to one of our honeypots, it often calls for further analysis.


Heisenberg Honeypot Technology

Ready to see this research put into practice? Explore intruder traps and Attacker-Based Analytics with a free trial of InsightIDR.


The path to a more secure world starts with sharing knowledge. Contact our researchers to get involved.