Security-Research on Corvus Bloghttps://nicoleman0.github.io/blog-site/tags/security-research/Recent content in Security-Research on Corvus BlogHugoen-usMon, 26 Jan 2026 00:00:00 +0000Customizing Conpot for Realistic ICS Emulationhttps://nicoleman0.github.io/blog-site/posts/conpot-customization-blog-post/Mon, 26 Jan 2026 00:00:00 +0000https://nicoleman0.github.io/blog-site/posts/conpot-customization-blog-post/<h2 id="the-problem-with-default-templates">The Problem with Default Templates</h2> <p>Conpot&rsquo;s default template emulates an S7-200 PLC with whimsical configuration values clearly designed for demonstration purposes rather than realism. Examining the default <code>template.xml</code> reveals:</p> <div class="highlight"><div style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"> <table style="border-spacing:0;padding:0;margin:0;border:0;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;"> <pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code><span style="white-space:pre;-webkit-user-select:none;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 1 </span><span style="white-space:pre;-webkit-user-select:none;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 2 </span><span style="white-space:pre;-webkit-user-select:none;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 3 </span><span style="white-space:pre;-webkit-user-select:none;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 4 </span><span style="white-space:pre;-webkit-user-select:none;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 5 </span><span style="white-space:pre;-webkit-user-select:none;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 6 </span><span style="white-space:pre;-webkit-user-select:none;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 7 </span><span style="white-space:pre;-webkit-user-select:none;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 8 </span><span style="white-space:pre;-webkit-user-select:none;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f"> 9 </span><span style="white-space:pre;-webkit-user-select:none;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">10 </span></code></pre></td> <td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%"> <pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-xml" data-lang="xml"><span style="display:flex;"><span><span style="color:#f92672">&lt;entity</span> <span style="color:#a6e22e">name=</span><span style="color:#e6db74">&#34;unit&#34;</span><span style="color:#f92672">&gt;</span>S7-200<span style="color:#f92672">&lt;/entity&gt;</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">&lt;key</span> <span style="color:#a6e22e">name=</span><span style="color:#e6db74">&#34;FacilityName&#34;</span><span style="color:#f92672">&gt;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">&lt;value</span> <span style="color:#a6e22e">type=</span><span style="color:#e6db74">&#34;value&#34;</span><span style="color:#f92672">&gt;</span>&#34;Mouser Factory&#34;<span style="color:#f92672">&lt;/value&gt;</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">&lt;/key&gt;</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">&lt;key</span> <span style="color:#a6e22e">name=</span><span style="color:#e6db74">&#34;SystemName&#34;</span><span style="color:#f92672">&gt;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">&lt;value</span> <span style="color:#a6e22e">type=</span><span style="color:#e6db74">&#34;value&#34;</span><span style="color:#f92672">&gt;</span>&#34;Technodrome&#34;<span style="color:#f92672">&lt;/value&gt;</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">&lt;/key&gt;</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">&lt;key</span> <span style="color:#a6e22e">name=</span><span style="color:#e6db74">&#34;sysLocation&#34;</span><span style="color:#f92672">&gt;</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">&lt;value</span> <span style="color:#a6e22e">type=</span><span style="color:#e6db74">&#34;value&#34;</span><span style="color:#f92672">&gt;</span>&#34;Venus&#34;<span style="color:#f92672">&lt;/value&gt;</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">&lt;/key&gt;</span> </span></span></code></pre></td></tr></table> </div> </div><p>While functional for basic honeypot deployment, these values present several issues for research purposes:</p>Deploying an ICS Honeypothttps://nicoleman0.github.io/blog-site/posts/conpot-deployment-blogpost/Mon, 26 Jan 2026 00:00:00 +0000https://nicoleman0.github.io/blog-site/posts/conpot-deployment-blogpost/<p>As part of my MSc research in Information Security at Royal Holloway, University of London, I&rsquo;ve been investigating the threat landscape facing industrial control systems (ICS) and SCADA infrastructure. One of the most effective ways to understand attacker behavior in this space is through honeypot deployment; specifically, using Conpot to emulate vulnerable industrial systems.</p> <p>This post documents my process of deploying a production ICS honeypot on DigitalOcean, the technical considerations involved, and some initial observations from the deployment.</p>