Showing posts tagged #honeypot

If you want to have a look at what's been downloaded to my honeypot over these months, you now can.
In this period of time over 15.000 files have been downloaded, the majority of them being empty files due to bad redirects or malware servers being down. After cleaning up the empty files I'm left with 215, which are available for download here.
The site is password protected, but if you want in you can contact me using the contact form found on my landing page or drop a comment below.

I am not responsible for whatever you may

Logging Cowrie logs to the ELK stack

This entry will cover the basics of setting up the Cowrie SSH honeypot and Filebeat to export Cowrie's logs to Elasticsearch, so we can use Kibana to visualize them in charts.

Goal

We will have 2 servers with private networking between them. One will host the ELK stack and the other one Cowrie + Filebeat.

The ELK server will receive and store the logs in Elasticsearch, so we can easily search and visualize them using Kibana, the Elasticsearch front-end.

The honeypot will just provide its service and ship logs to the ELK server.

Prerequisites

  • A working ELK installation. Which you can

Leaving the ssh port open to the wild

Have you ever wondered how much of a threat it is to have a server exposed to the internet?

I own a server on a public IP that serves HTTP + SSH, mainly for testing projects. It had no domain names pointing to it until a week ago, and it is not linked by any other machine (not that I know of). I had hardened the SSH service with iptables, rate limiting and a more strict SSH configuration. Still, it didn't feel safe, as services like Shodan do exist.

So, just to be sure, I decided to have a look at the
