Introduction

What?

Set up decoys, attribute an attack, trap an attacker.

Why?

Slow down adversaries and gain attribution information.

How?

Most open source honeypot dockers can be set up in a lab in a weekend, including T-pot, and can then be used to learn what kind of telemetry one might get from the different honeypots.

If you manage to fingerprint any of the used honeypots, make sure to let the creators know.