We capture attacker activity from SSH honeypots into tamper-evident records, hashed with SHA-256 and keccak256 so any later modification is detectable. This is early-stage tooling for evidence integrity, not a legal certification or a claim of court admissibility.
Our evidence capture is built around tamper-evident hashing, EU-region hosting, and GDPR- and NIS2-aware handling. These describe our design intent, not achieved certifications.
EU-region hosting
Honeypot and evidence data hosted in EU-region infrastructure
GDPR
Designed to align with GDPR principles for handling captured activity data
NIS2 Directive
Designed to align with NIS2 expectations for detection and incident records
SHA-256 / keccak256 hashing
Each record is hashed so any later modification becomes detectable
Tamper-evident SHA-256 hashing makes any later change to a record detectable
Hashed timestamps record when each event was captured
Multi-factor verification validates evidence authenticity
PHANTAQSM is an early-stage, Brussels-based SSH honeypot platform that captures attacker activity into SHA-256 / keccak256 hashed, tamper-evident records. We are pilot-ready and would welcome a conversation.