A shared kernel between the Host and cages makes ManTrap powerful for data capture. The Host system can passively capture all the activity of each cage without the attacker’s knowledge. This includes activity such as process events, kernel activity, or data passing through the streams module. Even encryption does not hide the attackers’ activities, all keystrokes and actions are captured. This makes ManTrap extremely powerful.
A second weapon in ManTrap’s information-gathering arsenal is network captures. As we discussed earlier, ManTrap detects attacks not only against ports it is listening on but against every possible port.
ManTrap logs all the system and network-captured activity to a specific file for each cage. This ...