SSH honeypot (Cowrie) exposed on a production server. Bots and attackers connecting to port 22 interact with a simulated vulnerable system. All credentials, commands, and sessions are logged in real time.