Honeypots Revisited

      20 Comments on Honeypots Revisited

I’ve written in previous posts about my honeypot setups and the visualization software that I use to display the data. You may also recall that I typically run my honeypots on underpowered cloud-based servers in an effort to keep costs low. This has caused a few issues at times. First of all, I’ve found that the various visualization software packages… Read more »

It’s Clear We Need A Sorting Hat

A few of my earlier posts detailed some of the methods that I use to find malware. Those methods all essentially required you to actively hunt for malware. The exceptions being my articles on honeypots where we can “let the malware come to us”. Recently, I’ve been going through a really good classic book on malware analysis entitled “Malware Analyst’s… Read more »

Down A Rabbit Hole, Part 2

      1 Comment on Down A Rabbit Hole, Part 2

In the previous post, a run-of-the-mill tech support scam pop-up from the website apple-techsupport[.]online started us on our trip down a rabbit hole. Now I realize that our trip thus far hasn’t been all that unusual. These types of domain relationships are encountered routinely by  malware hunters. However, this is where it gets more unconventional… Here’s our Google search from… Read more »

DionaeaFR – A Window Into Your Honeypot

In my previous post, I discussed installing a Dionaea honeypot to catch malware. If you used MHN (also discussed last time) to deploy your Dionaea instance, you are quite limited by the default interface as to the information that you can display about your honeypot traffic. There are a number “top 5” lists, for instance. You can also get a… Read more »

Let The Malware Come to You – Dionaea Honeypot

In previous posts, I’ve talked about searching for malware. With a honeypot, you can let malware come to you. I recently implemented a Dionaea honeypot. I chose Dionaea because it’s often found at or near the top of lists of malware-gathering honeypots. What I didn’t realize at the time was that it seems like it’s really not officially maintained anymore…. Read more »