Live signal lab

NadSec-Online Portal

A public, simplified Kibana-style view of NadSec honeypots. Per-sensor attack telemetry, monthly AI-written reports, IOC feeds, and downloadable STIX logs—ready to drop into your workflows.

Open ADBHoney view See how it flows

T-Pot CE backboneOTX STIX 2.1Robert AI briefs

Stack status

Honeypots online

Cisco ASA, SSH, ADB, Redis, Elastic - expanding as new traps go live.

Distribution

OTX pulses

Public STIX exports

Reporting brain

Robert AI

Monthly narratives

guest@nadsec:~

Signals we surface

Indicator rich

STIX bundles packed with IPs, hashes, and context labels you can drop straight into SIEM, blocklists, or enrichment.

Signals we surface

Exploit telemetry

Payloads, botnet binaries, and brute-force sequences pulled directly from high-interaction traps. No production data, ever.

Signals we surface

New

AI briefs

Robert AI reads the noise, clusters infrastructure reuse, and writes the monthly digest humans actually want to read.

Quick pulse

Latest ADBHoney indicators

Pulled directly from the newest STIX bundle (November 2025).

View full dashboard

Unique IPs

Source IPs observed this month.

SHA-256 hashes

File samples trapped by the honeypot.

Indicator objects

STIX indicator objects published.

Signal score

Heuristic strength of the current drop.

Sensors

Per-honeypot views

Each sensor gets its own dashboard, STIX download, and monthly AI brief. Graphs will land alongside IOC feeds.

Open ADBHoney

ADBHoney

Live

ADB trap on TCP/5555 with monthly reports and STIX download.

TPOCE full stack

Planned

Complete honeypot stack surfacing per-protocol attack slices.

SSH / Telnet

Planned

Brute-force telemetry, creds, and repeat-offender tracking.

Cisco ASA

Planned

VPN auth spray attempts, geo heat, and exploit strings.

Suricata High/Medium

Planned

Network IDS hits with IOC exports and brief summaries.

Roadmap

Incoming traps and UX

In build

Cisco ASA + SSH

Geo heat, exploit strings, and repeat-offender tracking for VPN auth and SSH spray campaigns.

Malware lab notes

Reverse-engineer blurbs plus YARA snippets for binaries pulled off the traps.

Automation hooks

Webhooks, RSS, and JSON feeds so every new indicator can sink directly into your stack.

Archive UX

Month-by-month browsing with search, filters, and CSV export for the spreadsheet faithful.

How it works

Pipeline from trap to dashboard

No production data

Catch

T-Pot CE honeypots sit on noisy ports, vacuuming malicious sessions and payloads on purpose.

Normalize

Events are enriched and pushed into AlienVault OTX as rolling pulses with STIX 2.1 exports.

Translate

Robert AI ingests the pulses and writes human-friendly monthly reports for each honeypot.

Publish

Dashboards like ADBHoney render metrics, reports, and indicator tables for anyone to consume.

Ethos and safety

This is a research playground. Everything shown is derived from honeypot traffic only - no production user data, no private traffic, no exceptions. Telemetry refreshes monthly with each report drop. Share the links, clone the STIX, or ignore it entirely - your call.