Building a Honeypot with ChatGPT

Catching threat actors with the power of an AI based CTO.

Let’s be honest, unless you spent the last year in a cave, you have already heard of the power, upsides, downsides and much more of ChatGPT, so I won’t dive into the details.

However, I asked ChatGPT to introduce itself for the purpose of this post.

Building with ChatGPT

For this project, I considered ChatGPT as my virtual CTO and I played the role of a prompt engineer.

What is a Prompt Engineer?

A prompt engineer is an individual who specializes in designing and optimizing prompts for conversational AI models like ChatGPT.

Their role involves crafting input queries or statements in a manner that effectively extracts the desired information or response from the AI. Prompt engineering requires an understanding of the AI model's behaviour, strengths, and limitations.

By strategically formulating prompts, an engineer can improve the quality and relevance of the AI-generated responses, enhancing its overall performance and user experience.

The right prompts for the job

You do not need to get it right from the first time.

Iterative prompt engineering involves refining and adjusting prompts through multiple attempts, which allows prompt engineers to better understand the AI model's behaviour and identify the most effective ways to elicit desired responses.

By continuously experimenting with various phrasings, structures, and context, the prompt engineer can gradually fine-tune the prompts, leading to more accurate, relevant, and coherent outputs.

This iterative approach was crucial in achieving the honeypot goals and enhancing the overall performance.

Building the Honeypot

Initially, I decided to choose a simple honeypot, something I could swiftly try and obtain results with. I st my mind on a printer.

The first prompt

The first prompt is crucial for a honeypot, as it sets the stage for successful AI interaction, enticing potential attackers while maintaining credibility and realism.

Once ChatGPT had outlined its plan, I asked my virtual CTO to share the code with me and I started building the premises of our honeypot.

Once the honeypot ran, I decided to work on building a couple of key features, such as making sure that during a scan, the honeypot would respond the same way an HP printer would.

Building Features

Prototyping and embracing the concept of failing fast played a pivotal role in utilizing ChatGPT for my honeypot project.

By using its own plan and testing it, I was able to quickly identify shortcomings and iterate on the prompt design, leading to more effective and convincing responses.

This approach allowed me to rapidly learn the failures of my prompts, make necessary adjustments.

In this example, I ensured our honeypot to reply to a scan as an HP printer.

Iterating

With the V0.1 of my honeypot built, I asked my virtual CTO how to improve our work and push the boundaries of our honeypot.

Results

Building a proof-of-concept (POC) for a printer honeypot was an interesting project, and while still slightly rough around the edges, it showcases great potential for enhancement.

With some refinement, optimization, and attention to the finer details, this printer honeypot could evolve into an interesting tool.

Catching threat actors

I deployed the printer honeypot in the cloud, and as anticipated, it was scanned within minutes of going live.

Within just six minutes, we observed brute force login attempts on the main connection page and telnet connections targeting the telnet port.

Although the honeypot might not have been convincing enough to lure a human adversary, it successfully attracted automated bots, with one even attempting to modify the IP address within the IP configuration field.

This initial success highlights the potential of the printer honeypot in detecting and analysing cyber threats, while emphasizing the need for further refinements to enhance its effectiveness against more sophisticated attackers.

Summary

Utilizing ChatGPT for fast prototyping is an excellent approach, particularly for those without a developer background, as it enables quick and accessible experimentation.

However, for more complex projects that require intricate customization and advanced functionality, it may be more efficient to engage a professional developer.

Their expertise can expedite the development process and ensure that complex requirements are met effectively. Nevertheless, ChatGPT remains a valuable resource for rapid prototyping in cybersecurity, empowering non-developers to explore, test, and validate their ideas, bridging the gap between concept and implementation.