Logging Cowrie logs to the ELK stack


This entry will cover the basics of setting up the Cowrie SSH honeypot and Filebeat to export Cowrie's logs to Elasticsearch, so we can use Kibana to visualize them in charts.

Goal

We will have 2 servers with private networking between them. One will host the ELK stack and the


The Ruby on Rails framework provides a pretty good built-in filter for SQL injection if you use ActiveRecord methods such as find or find_by.
But that does not mean you can carelessly pass parameters to an ActiveRecord method, as the methods that take an SQL fragment are still vulnerable


List every host that attempted to connect

zgrep sshd /var/log/auth.log* | grep rhost | sed -re 's/.*rhost=([^ ]+).*/\1/' | sort -u

Command breakdown
  • zgrep sshd /var/log/auth.log*: Search for sshd in every auth.log file, including the .gz ones.
  • grep rhost: Filter out the lines that
