AWS HoneyUsers

Deception technology and techniques are having a resurgence, expanding beyond the ‘traditional’ high/low- interaction honeypots, into honeyfiles, honeytokens and (as you may have guessed from title) honeyusers. Today is the culmination of a “what if?” idea I’d been thinking for years, actually started working on earlier in the year (but then 2020 happened), but is […]

Cowrie SSH Honeypot – AWS EC2 build script

Happy New Year all! Whilst eating FAR too much turkey and chocolates over the festive break, I’ve managed to progress a couple of personal projects on (between stints on the kids’ Scalectrix track, thanks Santa). Still tasks to do(*), but a working EC2 User-Data script to build to automate deployment Cowrie honeypot has reached MVP […]

Tales from the Honeypot: Bitcoin miner

My Kippo farm has been largely retired as most of the captured sessions where becoming stale and ‘samey’. Thankfully however, I’ve still been getting daily reports thanks to this script (now available in BitBucket repo) and this morning something new caught my attention – a ‘guest’ attempted to turn the compromised machine into a BitCoin miner.

Pipal password analysis of Kippo password useage

Trying to find an opportunity to give Pipal a run out, I decided to take a look at the passwords gathered by my Kippo installation. First up, I decided to take a look at the passwords used with added accounts once intruders compromise the system. Curious to see if the passwords chosen by those that break systems are vulnerable to the same weaknesses of standard users.