One of the many reasons I decided to deploy honeypots is to be able to observe attacker tactics, techniques, and procedures (TTPs). This blog post will share a frequently used tactic that attackers use to keep access once they have compromised one of my distributed honeypots. You may benefit from the rest of this content … Read more
This blog post is the second installment of a series I want to use to cover lessons learned and interesting observations from my honeypots. These honeypots are geographically dispersed and have been running for a few years. Hopefully, this and future posts will add some value for someone. While looking over some of my honeypot … Read more
I highly recommend using SSH Public Key Authentication and a customized SSH client configuration to ease your everyday SSH workflows. I have more than 10 servers that I manage on a daily basis and using a password for each one would be tedious. Using the same password for all of them is definitely not recommended … Read more
A honeypot is a form of deception technology used to observe threat actor tactics, techniques, and procedures (TTP). I have deployed a customized version of the Cowrie honeypot in several regions, and I have one at home to capture residential IP space activity. The Honeypot Diaries will be a recurring series that I will use to share … Read more
Whenever I stand up a new Linux machine, I always find myself doing the same four things: Creating my main user account Creating an ansible user account Configuring sudoers Copying over SSH Public Keys. Definitely, not something that evokes fun. I have tried various automation tools, but ansible has found a very special place in … Read more
If you manage servers with OpenSSH access, you have no doubt been subject to the barrage of ssh brute-force attempts that occurs across the internet. Some administrators deal with this by either changing the default port (security by obscurity), utilizing public keys, threshold blocking, or white-listing source IP addresses among other things. AWS has security … Read more