DionaeaFR – A Window Into Your Honeypot

In my previous post, I discussed installing a Dionaea honeypot to catch malware. If you used MHN (also discussed last time) to deploy your Dionaea instance, you are quite limited by the default interface as to the information that you can display about your honeypot traffic. There are a number of “top 5” lists, for instance. You can also get a… Read more »

Let The Malware Come to You – Dionaea Honeypot

In previous posts, I’ve talked about searching for malware. With a honeypot, you can let malware come to you. I recently implemented a Dionaea honeypot. I chose Dionaea because it’s often found at or near the top of lists of malware-gathering honeypots. What I didn’t realize at the time was that it seems like it’s really not officially maintained anymore…. Read more »

Finding Malware On Your Own

In my previous post, I listed a number of websites that offer either malware collections or links to infected sites, but what if you want to find your own infected sites (and malware)? Make no mistake, finding malware on your own is generally slow and tedious. One of the best ways that I’ve found to “stumble” upon an infected website… Read more »

One Way To Use Maltego To Find Malware

McAfee Labs published a blog post on 10 June 2016 entitled “‘Thrones’ Jon Snow Appears To Employ Neutrino Exploit Kit”. In that post, the author noted that many Neutrino-directing URLs have been using .top domain extensions. One of the examples he used was: hxxp://eilong.top He went on to point out that the threat actor in this case had registered the… Read more »