Container-Based HoneyLabs

Deception at Scale with Lightweight Containers

PROJECT STATUS: PLANNED 🟡 STACK: Podman/Docker · FOCUS: Threat Intel · Deception TARGET: Blue Teams · Researchers

⚡ TL;DR

Honeypots are traditionally resource-intensive VMs. This research explores using container orchestration to deploy dynamic, high-interaction honeypots (SSH, HTTP, Database) that can simulate vulnerable services, log attacker activity, and recycle themselves automatically after compromise.

🔬 Core Research Areas

1. High-Interaction Simulation: Making containers look like real vulnerable servers.
2. Logging & Monitoring: Capturing TTY sessions and network traffic.
3. Isolation: Ensuring the honeypot doesn’t become a pivot point.
4. Dynamic Deployment: Spinning up fresh honeypots on demand.

Expected Outcome: A docker-compose / podman play kube setup for a deployable HoneyLab.