portable WiFi honeypot

At DEF CON 26, you may have seen a few folks walking around with small boxes with USB wifi adapters, a 320x240 screens displaying a TUI with a menu and a USB. That is what we called “AP1336”, AKA “access point leet minus one”. Essentially, it has two modes. Honeypot mode and internet sharing mode.

Open WiFi access point with SSH honeypot

The device hands out IP addresses to any associated clients, with an SSH honeypot listening on the gateway interface. All interaction with the SSH honeypot is logged, and attacker sessions can be replayed directly on the screen.

Network sharing WiFi AP with pihole and VPN

The initial purpose of the device was to provide an automatic VPN when connected to untrusted networks, in which all authorized nearby devices can share. Additionally, pihole would remove and prevent ads (malicious or otherwise) where it could from being seen by any connected devices. WAN could be provided by either the built-in ethernet jack, or via a 2nd USB WiFi adapter.


  • Odroid C2
  • micro SD card
  • USB WiFi adapters


  • AP1336

post incomplete - to be finished