SSH PROXY HONEYPOT COWRIE |
| 2016-03-13 | Xavier Mertens | SSH Honeypots (Ab)used as Proxy |
SSH |
| 2025-05-08/a> | Xavier Mertens | No Internet Access? SSH to the Rescue! |
| 2025-04-06/a> | Johannes Ullrich | New SSH Username Report |
| 2024-12-24/a> | Xavier Mertens | More SSH Fun! |
| 2024-12-20/a> | Xavier Mertens | Christmas "Gift" Delivered Through SSH |
| 2024-10-16/a> | Johannes Ullrich | The Top 10 Not So Common SSH Usernames and Passwords |
| 2024-10-07/a> | Xavier Mertens | macOS Sequoia: System/Network Admins, Hold On! |
| 2024-07-23/a> | Johannes Ullrich | New Exploit Variation Against D-Link NAS Devices (CVE-2024-3273) |
| 2024-07-01/a> | Johannes Ullrich | SSH "regreSSHion" Remote Code Execution Vulnerability in OpenSSH. |
| 2024-04-01/a> | Bojan Zdrnja | The amazingly scary xz sshd backdoor |
| 2024-01-02/a> | Johannes Ullrich | Fingerprinting SSH Identification Strings |
| 2022-12-03/a> | Guy Bruneau | Linux LOLBins Applications Available in Windows |
| 2022-07-23/a> | Guy Bruneau | Analysis of SSH Honeypot Data with PowerBI |
| 2022-02-01/a> | Xavier Mertens | Automation is Nice But Don't Replace Your Knowledge |
| 2022-01-16/a> | Guy Bruneau | 10 Most Popular Targeted Ports in the Past 3 Weeks |
| 2021-11-08/a> | Xavier Mertens | (Ab)Using Security Tools & Controls for the Bad |
| 2021-10-14/a> | Xavier Mertens | Port-Forwarding with Windows for the Win |
| 2020-07-21/a> | Jan Kopriva | Couple of interesting Covid-19 related stats |
| 2020-03-02/a> | Jan Kopriva | Secure vs. cleartext protocols - couple of interesting stats |
| 2019-03-09/a> | Guy Bruneau | A Comparison Study of SSH Port Activity - TCP 22 & 2222 |
| 2018-11-07/a> | Bojan Zdrnja | Tunneling scanners (or really anything) over SSH |
| 2018-08-20/a> | Didier Stevens | OpenSSH user enumeration (CVE-2018-15473) |
| 2018-01-07/a> | Guy Bruneau | SSH Scans by Clients Types |
| 2017-11-01/a> | Rob VandenBrink | Securing SSH Services - Go Blue Team!! |
| 2016-03-15/a> | Xavier Mertens | Dockerized DShield SSH Honeypot |
| 2016-03-13/a> | Xavier Mertens | SSH Honeypots (Ab)used as Proxy |
| 2016-01-21/a> | Jim Clausing | Scanning for Fortinet ssh backdoor |
| 2015-06-23/a> | Kevin Shortt | XOR DDOS Mitigation and Analysis |
| 2015-04-03/a> | Didier Stevens | SSH Fingerprints Are Important |
| 2014-07-23/a> | Johannes Ullrich | New Feature: "Live" SSH Brute Force Logs and New Kippo Client |
| 2014-07-02/a> | Johannes Ullrich | Cisco Unified Communications Domain Manager Update |
| 2014-06-11/a> | Daniel Wesemann | Gimme your keys! |
| 2014-01-20/a> | Rob VandenBrink | You Can Run, but You Can't Hide (SSH and other open services) |
| 2013-12-20/a> | Daniel Wesemann | authorized key lime pie |
| 2013-12-02/a> | Richard Porter | Reports of higher than normal SSH Attacks |
| 2013-11-11/a> | Johannes Ullrich | OpenSSH Vulnerability |
| 2013-10-10/a> | Mark Hofman | CSAM Some more unusual scans |
| 2013-06-23/a> | Kevin Liston | Is SSH no more secure than telnet? |
| 2013-02-21/a> | Bojan Zdrnja | SSHD rootkit in the wild |
| 2013-01-26/a> | Scott Fendley | Blocking SSH to Limit Security Exposures |
| 2012-12-27/a> | John Bambenek | It's 3pm 2 days after Christmas, do you know where your unmanaged SSH keys are? |
| 2012-12-16/a> | Tony Carothers | SSH Brute Force on Non-Standard Ports |
| 2012-12-03/a> | Kevin Liston | Recent SSH vulnerabilities |
| 2012-06-12/a> | Swa Frantzen | F5 ssh configuration goof |
| 2011-12-04/a> | Guy Bruneau | SSH Password Brute Forcing may be on the Rise |
| 2011-11-06/a> | Tom Liston | New, odd SSH brute force behavior |
| 2011-09-15/a> | Johannes Ullrich | SSH Vandals? |
| 2011-08-02/a> | Mark Hofman | SSH Brute Force attacks |
| 2011-07-31/a> | Daniel Wesemann | Anatomy of a Unix breach |
| 2011-07-17/a> | Mark Hofman | SSH Brute Force |
| 2011-03-07/a> | Johannes Ullrich | Outbound SSH Traffic from HP Virtual Connect Blades |
| 2011-02-05/a> | Guy Bruneau | OpenSSH Legacy Certificate Information Disclosure Vulnerability |
| 2010-09-07/a> | Bojan Zdrnja | SSH password authentication insight and analysis by DRG |
| 2010-08-10/a> | Daniel Wesemann | Protect your privates! |
| 2010-08-10/a> | Daniel Wesemann | SSH - new brute force tool? |
| 2010-06-18/a> | Tom Liston | IMPORTANT INFORMATION: Distributed SSH Brute Force Attacks |
| 2010-06-18/a> | Adrien de Beaupre | Distributed SSH Brute Force Attempts on the rise again |
| 2010-01-18/a> | Stephen Hall | Uplift in SSH brute forcing attacks |
| 2010-01-01/a> | G. N. White | Dealing With Unwanted SSH Bruteforcing |
| 2009-10-17/a> | Rick Wanner | Cyber Security Awareness Month - Day 17 - Port 22/SSH |
| 2009-10-02/a> | Stephen Hall | New version of OpenSSH released |
| 2009-07-09/a> | Bojan Zdrnja | OpenSSH 0day FUD |
| 2009-07-07/a> | Marcus Sachs | OpenSSH Rumors |
| 2009-04-17/a> | Daniel Wesemann | Guess what? SSH again! |
| 2009-04-07/a> | Johannes Ullrich | SSH scanning from compromised mail servers |
| 2009-03-30/a> | Daniel Wesemann | Watch your Internet routers! |
| 2008-10-02/a> | Kyle Haugsness | Low, slow, distributed SSH username brute forcing |
| 2008-08-26/a> | John Bambenek | Active attacks using stolen SSH keys (UPDATED) |
| 2008-06-09/a> | Scott Fendley | So Where Are Those OpenSSH Key-based Attacks? |
| 2008-05-16/a> | Daniel Wesemann | INFOcon back to green |
| 2008-05-15/a> | Bojan Zdrnja | Debian and Ubuntu users: fix your keys/certificates NOW |
| 2008-05-15/a> | Bojan Zdrnja | INFOCon yellow: update your Debian generated keys/certs ASAP |
| 2008-05-13/a> | Swa Frantzen | OpenSSH: Predictable PRNG in debian and ubuntu Linux |
| 2008-05-12/a> | Scott Fendley | Brute-force SSH Attacks on the Rise |
| 2006-10-03/a> | Swa Frantzen | Detecting attacks against servers |
PROXY |
| 2025-05-08/a> | Xavier Mertens | No Internet Access? SSH to the Rescue! |
| 2025-02-15/a> | Xavier Mertens | The Danger of IP Volatility |
| 2024-12-24/a> | Xavier Mertens | More SSH Fun! |
| 2022-10-07/a> | Xavier Mertens | Critical Fortinet Vulnerability Ahead |
| 2021-10-14/a> | Xavier Mertens | Port-Forwarding with Windows for the Win |
| 2021-09-15/a> | Brad Duncan | Hancitor campaign abusing Microsoft's OneDrive |
| 2021-08-09/a> | Jan Kopriva | ProxyShell - how many Exchange servers are affected and where are they? |
| 2021-04-16/a> | Xavier Mertens | HTTPS Support for All Internal Services |
| 2017-04-02/a> | Guy Bruneau | IPFire - A Household Multipurpose Security Gateway |
| 2017-03-08/a> | Richard Porter | What is really being proxied? |
| 2016-08-24/a> | Xavier Mertens | Example of Targeted Attack Through a Proxy PAC File |
| 2016-03-13/a> | Xavier Mertens | SSH Honeypots (Ab)used as Proxy |
| 2014-02-24/a> | Russ McRee | Explicit Trusted Proxy in HTTP/2.0 or...not so much |
| 2012-12-06/a> | Johannes Ullrich | How to identify if you are behind a "Transparent Proxy" |
| 2011-08-14/a> | Guy Bruneau | Telex - A Radical New Approach to Bypass Security |
| 2009-03-10/a> | Swa Frantzen | Browser plug-ins, transparent proxies and same origin policies |
HONEYPOT |
| 2025-04-23/a> | Jesse La Grew | Honeypot Iptables Maintenance and DShield-SIEM Logging |
| 2025-03-06/a> | Guy Bruneau | DShield Traffic Analysis using ELK |
| 2025-02-13/a> | Guy Bruneau | DShield SIEM Docker Updates |
| 2025-01-16/a> | Jesse La Grew | Extracting Practical Observations from Impractical Datasets |
| 2024-12-26/a> | Jesse La Grew | Capturing Honeypot Data Beyond the Logs |
| 2024-12-09/a> | Jesse La Grew | CURLing for Crypto on Honeypots |
| 2024-11-06/a> | Jesse La Grew | [Guest Diary] Insights from August Web Traffic Surge |
| 2024-09-13/a> | Jesse La Grew | Finding Honeypot Data Clusters Using DBSCAN: Part 2 |
| 2024-09-06/a> | Jesse La Grew | Enrichment Data: Keeping it Fresh |
| 2024-08-16/a> | Jesse La Grew | [Guest Diary] 7 minutes and 4 steps to a quick win: A write-up on custom tools |
| 2024-07-10/a> | Jesse La Grew | Finding Honeypot Data Clusters Using DBSCAN: Part 1 |
| 2024-04-25/a> | Jesse La Grew | Does it matter if iptables isn't running on my honeypot? |
| 2024-03-10/a> | Guy Bruneau | What happens when you accidentally leak your AWS API keys? [Guest Diary] |
| 2024-03-07/a> | Jesse La Grew | [Guest Diary] AWS Deployment Risks - Configuration and Credential File Targeting |
| 2024-03-03/a> | Guy Bruneau | Capturing DShield Packets with a LAN Tap [Guest Diary] |
| 2024-02-25/a> | Guy Bruneau | Utilizing the VirusTotal API to Query Files Uploaded to DShield Honeypot [Guest Diary] |
| 2024-02-18/a> | Guy Bruneau | Mirai-Mirai On The Wall... [Guest Diary] |
| 2024-02-03/a> | Guy Bruneau | DShield Sensor Log Collection with Elasticsearch |
| 2024-01-30/a> | Johannes Ullrich | What did I say to make you stop talking to me? |
| 2024-01-17/a> | Jesse La Grew | Number Usage in Passwords |
| 2023-12-27/a> | Guy Bruneau | Unveiling the Mirai: Insights into Recent DShield Honeypot Activity [Guest Diary] |
| 2023-12-13/a> | Guy Bruneau | T-shooting Terraform for DShield Honeypot in Azure [Guest Diary] |
| 2023-12-10/a> | Guy Bruneau | Honeypots: From the Skeptical Beginner to the Tactical Enthusiast |
| 2023-11-30/a> | John Bambenek | Prophetic Post by Intern on CVE-2023-1389 Foreshadows Mirai Botnet Expansion Today |
| 2023-11-27/a> | Guy Bruneau | Decoding the Patterns: Analyzing DShield Honeypot Activity [Guest Diary] |
| 2023-11-20/a> | Jesse La Grew | Overflowing Web Honeypot Logs |
| 2023-10-15/a> | Guy Bruneau | Domain Name Used as Password Captured by DShield Sensor |
| 2023-09-14/a> | Jesse La Grew | DShield and qemu Sitting in a Tree: L-O-G-G-I-N-G |
| 2023-09-09/a> | Guy Bruneau | ?Anyone get the ASN of the Truck that Hit Me?!?: Creating a PowerShell Function to Make 3rd Party API Calls for Extending Honeypot Information [Guest Diary] |
| 2023-09-05/a> | Jesse La Grew | Common usernames submitted to honeypots |
| 2023-09-02/a> | Jesse La Grew | What is the origin of passwords submitted to honeypots? |
| 2023-08-31/a> | Guy Bruneau | Potential Weaponizing of Honeypot Logs [Guest Diary] |
| 2023-08-12/a> | Guy Bruneau | DShield Sensor Monitoring with a Docker ELK Stack [Guest Diary] |
| 2023-07-23/a> | Guy Bruneau | Install & Configure Filebeat on Raspberry Pi ARM64 to Parse DShield Sensor Logs |
| 2023-07-13/a> | Jesse La Grew | DShield Honeypot Maintenance and Data Retention |
| 2023-07-06/a> | Jesse La Grew | IDS Comparisons with DShield Honeypot Data |
| 2023-06-11/a> | Guy Bruneau | DShield Honeypot Activity for May 2023 |
| 2023-05-14/a> | Guy Bruneau | DShield Sensor Update |
| 2023-04-17/a> | Jan Kopriva | The strange case of Great honeypot of China |
| 2023-01-31/a> | Jesse La Grew | DShield Honeypot Setup with pfSense |
| 2022-12-29/a> | Jesse La Grew | Opening the Door for a Knock: Creating a Custom DShield Listener |
| 2022-12-21/a> | Guy Bruneau | DShield Sensor Setup in Azure |
| 2022-09-12/a> | Johannes Ullrich | VirusTotal Result Comparisons for Honeypot Malware |
| 2022-08-18/a> | Johannes Ullrich | Honeypot Attack Summaries with Python |
| 2022-06-15/a> | Johannes Ullrich | Terraforming Honeypots. Installing DShield Sensors in the Cloud |
| 2022-05-03/a> | Johannes Ullrich | Some Honeypot Updates |
| 2022-03-31/a> | Johannes Ullrich | Spring Vulnerability Update - Exploitation Attempts CVE-2022-22965 |
| 2021-01-15/a> | Guy Bruneau | Obfuscated DNS Queries |
| 2020-12-04/a> | Guy Bruneau | Detecting Actors Activity with Threat Intel |
| 2020-07-01/a> | Jim Clausing | Setting up the Dshield honeypot and tcp-honeypot.py |
| 2020-06-28/a> | Guy Bruneau | tcp-honeypot.py Logstash Parser & Dashboard Update |
| 2020-06-25/a> | Johannes Ullrich | Tech Tuesday Recap / Recordings: Part 2 (Installing the Honeypot) release. |
| 2020-06-20/a> | Tom Webb | Pi Zero HoneyPot |
| 2020-06-05/a> | Remco Verhoef | Not so FastCGI! |
| 2020-05-01/a> | Jim Clausing | Attack traffic on TCP port 9673 |
| 2020-01-12/a> | Guy Bruneau | ELK Dashboard and Logstash parser for tcp-honeypot Logs |
| 2019-11-03/a> | Didier Stevens | You Too? "Unusual Activity with Double Base64 Encoding" |
| 2018-11-09/a> | Tom Webb | Playing with T-POT |
| 2018-05-27/a> | Guy Bruneau | Capture and Analysis of User Agents |
| 2017-08-03/a> | Johannes Ullrich | Using a Raspberry Pi honeypot to contribute data to DShield/ISC |
| 2017-07-27/a> | Xavier Mertens | TinyPot, My Small Honeypot |
| 2017-03-12/a> | Guy Bruneau | Honeypot Logs and Tracking a VBE Script |
| 2017-02-21/a> | Jim Clausing | Quick and dirty generic listener |
| 2016-12-31/a> | Xavier Mertens | Ongoing Scans Below the Radar |
| 2016-11-13/a> | Guy Bruneau | Bitcoin Miner File Upload via FTP |
| 2016-07-07/a> | Johannes Ullrich | Patchwork: Is it still "Advanced" if all you have to do is Copy/Paste? |
| 2016-06-03/a> | Tom Liston | MySQL is YourSQL |
| 2016-05-14/a> | Guy Bruneau | INetSim as a Basic Honeypot |
| 2016-04-27/a> | Tom Webb | Kippos Cousin Cowrie |
| 2016-03-15/a> | Xavier Mertens | Dockerized DShield SSH Honeypot |
| 2016-03-13/a> | Xavier Mertens | SSH Honeypots (Ab)used as Proxy |
| 2015-04-14/a> | Johannes Ullrich | Odd POST Request To Web Honeypot |
| 2014-07-31/a> | Chris Mohan | A Honeypot for home: Raspberry Pi |
| 2014-06-30/a> | Johannes Ullrich | Should I setup a Honeypot? [SANSFIRE] |
| 2014-05-01/a> | Johannes Ullrich | Busybox Honeypot Fingerprinting and a new DVR scanner |
| 2013-07-25/a> | Johannes Ullrich | A Couple of SSH Brute Force Compromises |
| 2013-07-13/a> | Lenny Zeltser | Decoy Personas for Safeguarding Online Identity Using Deception |
| 2010-11-05/a> | Adrien de Beaupre | Bot honeypot |
| 2009-10-26/a> | Johannes Ullrich | Web honeypot Update |
| 2009-09-18/a> | Jason Lam | Results from Webhoneypot project |
| 2009-06-11/a> | Jason Lam | Dshield Web Honeypot going beta |
| 2009-03-26/a> | Mark Hofman | Webhoneypot fun |
| 2009-02-17/a> | Jason Lam | DShield Web Honeypot - Alpha Preview Release |
| 2008-12-01/a> | Jason Lam | Call for volunteers - Web Honeypot Project |
COWRIE |
| 2025-03-06/a> | Guy Bruneau | DShield Traffic Analysis using ELK |
| 2025-02-13/a> | Guy Bruneau | DShield SIEM Docker Updates |
| 2024-12-26/a> | Jesse La Grew | Capturing Honeypot Data Beyond the Logs |
| 2024-10-17/a> | Guy Bruneau | Scanning Activity from Subnet 15.184.0.0/16 |
| 2024-10-03/a> | Guy Bruneau | Kickstart Your DShield Honeypot [Guest Diary] |
| 2024-08-27/a> | Guy Bruneau | Vega-Lite with Kibana to Parse and Display IP Activity over Time |
| 2024-02-03/a> | Guy Bruneau | DShield Sensor Log Collection with Elasticsearch |
| 2024-01-30/a> | Johannes Ullrich | What did I say to make you stop talking to me? |
| 2023-07-23/a> | Guy Bruneau | Install & Configure Filebeat on Raspberry Pi ARM64 to Parse DShield Sensor Logs |
| 2023-05-24/a> | Jesse La Grew | More Data Enrichment for Cowrie Logs |
| 2022-05-03/a> | Johannes Ullrich | Some Honeypot Updates |
| 2020-04-02/a> | Tom Webb | TPOT's Cowrie to ISC Logs |
| 2016-03-13/a> | Xavier Mertens | SSH Honeypots (Ab)used as Proxy |
