In an increasingly digital world, applications and services are implemented across many diverse systems. Similarly, the threats faced by different environments can change, as attackers must adapt to each system's file structures, firewall rules, and how data may be stored. Our final project studied three possible environments that may be commonly encountered: a personal computer, an application server, and a web server. The major question we wanted to answer was: How do attacker interactions differ between these three environments? To do this, we configured a custom honeypot VM and MITM setup to attract attackers and collect data on their behaviors, such as keystrokes and IP addresses, over a 39-day period. We analyzed the data and compiled our final results in a paper and presentation.
This team project was the culmination of two years in the ACES Honors College as a semester-long assignment. The project included four parts:
(1) choosing a topical cybersecurity research question and researching a corresponding hypothesis;
(2) configuring a Linux virtual machine hosted on the UMD network with firewall rules, setting up a MITM service, and writing custom bash scripts;
(3) troubleshooting and collecting data using custom Python programs from the system over a period of six weeks;
(4) doing statistical analysis on our data and communicating the final results in a paper and presentation.
From this project, I was able to apply skills I learned from my HACS courses in a larger scope. During the project, we encountered multiple difficulties in the VM system, requiring us to work as a team to troubleshoot as quickly as possible so as not to lose time in our brief data collection window.
© 2025 • All content within this project is strictly the property of Kaitlyn Yang and is not for public use without permission.