For these posts I’m going to cut the commentary and outline exactly what worked in an attempt to help any future readers avoid the same pitfalls while hopefully still receiving the same level of understanding. I consider figuring shit out ‘the hard way’ to be incredibly beneficial since you end up learning so much, but also incredibly frustrating since you have to figure it out yourself. Maybe I can strike a balance in the middle on this post.
I’m going to start setting up at least one honeypot on my home lab which is just a Dell c1100, VMware/ESXi, and pfSense. I plan to isolate the honeypot by creating a new virtual NIC on the pfSense guest, setting the vswitch to promiscuous, tapping Bro or Moloch for pcap and Suricata for IDS, and for the actual honeypot we’re going to run Artillery on Ubuntu. Foreword It’s funny how time consuming these things are and experiencing these issues first hand really m akes me appreciate cloud service providers like Azure or AWS because they take a lot of the pain out of the process.