I SETUP A HONEYPOT AND GOT MORE THAN 3K SSH SESSIONS FROM HACKERS #threatanalysis #raspberrypi


From June 28, 2020, to August 3, 2020, I recorded more than 3K ssh sessions from all over the world.

To accomplish this, all I had to do was expose a Raspberry Pi through my router's DMZ running cowrie, "a medium to high interaction SSH honeypot designed to log brute force attacks and the shell interaction performed by the attacker".

Sessions contained all kinds of ssh interactions: trojans, rootkits, and even friendly hello messages.

I also stored more than 1 week of network traffic; our little Raspberry Pi interacted with more than 8000 IP addresses.

My mission in this paper is to analyze threat data, including network data and session logs, and to show how honeypots can be leveraged to understand threats. I will also propose some mitigation strategies that could be implemented at the ssh server and OS levels.
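As an added example (not code from the video or from the cowrie project), here is a small Python script that aggregates cowrie's JSON event log the way the session-log analysis described above calls for: sessions, source IPs, credentials tried, and commands typed after login. The sample events are constructed; the `eventid` names and fields are cowrie's real ones, and the last sample line is deliberately truncated to show that a damaged log line is skipped rather than aborting the run.

```python
"""Summarise cowrie's JSON event log: sessions, sources, tried credentials, commands."""
import json
from collections import Counter

# Constructed sample in cowrie's cowrie.json line format (not captures from the video).
# The last line is deliberately truncated, as happens when the log is cut mid-write.
SAMPLE_LOG = """\
{"eventid":"cowrie.session.connect","session":"a1","src_ip":"203.0.113.5"}
{"eventid":"cowrie.login.failed","session":"a1","src_ip":"203.0.113.5","username":"root","password":"123456"}
{"eventid":"cowrie.login.success","session":"a1","src_ip":"203.0.113.5","username":"root","password":"admin"}
{"eventid":"cowrie.command.input","session":"a1","src_ip":"203.0.113.5","input":"uname -a"}
{"eventid":"cowrie.command.input","session":"a1","src_ip":"203.0.113.5","input":"cat /proc/cpuinfo | grep name | wc -l"}
{"eventid":"cowrie.session.connect","session":"b2","src_ip":"198.51.100.7"}
{"eventid":"cowrie.login.failed","session":"b2","src_ip":"198.51.100.7","username":"pi","password":"raspberry"}
{"eventid":"cowrie.session.connect","session":"c3","src_ip":"203.0.113.5"}
{"eventid":"cowrie.login.success","session":"c3","src_ip":"203.0.113.5","username":"root","password":"admin"}
{"eventid":"cowrie.command.input","session":"c3","src_ip":"203.0.113.5","input":"uname -a"}
{"eventid":"cowrie.session.connect","session":"d4","src_ip":"192.0.2.9"
"""

def summarise(lines, top=3):
    """Aggregate cowrie events from an iterable of log lines into a summary dict."""
    sessions, logged_in = set(), set()
    ips, creds, cmds = Counter(), Counter(), Counter()
    bad = 0
    for raw in filter(None, map(str.strip, lines)):
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            bad += 1          # damaged line: count it, keep going
            continue
        eid = ev.get("eventid", "")
        if eid == "cowrie.session.connect":        # one event per SSH session
            sessions.add(ev["session"])
            ips[ev["src_ip"]] += 1
        elif eid in ("cowrie.login.failed", "cowrie.login.success"):
            creds[(ev["username"], ev["password"])] += 1
            if eid == "cowrie.login.success":
                logged_in.add(ev["session"])
        elif eid == "cowrie.command.input":        # what the attacker typed after login
            cmds[ev["input"]] += 1
    return {"sessions": len(sessions), "sessions_with_login": len(logged_in),
            "unique_ips": len(ips), "skipped_lines": bad,
            "top_ips": ips.most_common(top), "top_credentials": creds.most_common(top),
            "top_commands": cmds.most_common(top)}

if __name__ == "__main__":
    for key, value in summarise(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```

Point it at a real `cowrie.json` with `summarise(open(path))` to get the same counts the video derives with grep; the top-credential list is the quickest way to see which default logins your own hosts must not accept.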

#cowrie #tcpdump #malware #linux #programminglife #struggleisreal #codingmemes #marycondo #rustlang #learncoding #computerscience #computersciencemajor #computersciencestudent #cleancoding #cleanprogramming #ipsec #opsec 🤣
Comments

This looks like a fun way to get malware samples that exist in the wild

djsnackcakes

The music bad
The content good
dump the music, the content is more than enough

vizionthing

Amazing presentation! Hands-on, real world examples of threats with explanations that were clear and concise with recommendations threat reduction practices. I'd hire you on the spot as Security Officer. Great stuff!

Mrthfret

I could still perceive pieces of speech over the music when concentrating. You should increase the music volume some more...^^

jackmclane

remember, only YOU can provide yourself security

kaptn_kage

4:23 I know exactly what that URL is. They are used to infect devices for DDoS botnets. Greenhat hackers, skiddies, etc. use a tool called 'zmap' to scan the world for IPs with a port open, like 22 for ssh or 23 for telnet, they use a file called 'update' to brute force all of them, and they use 'loaders' to try to connect to these servers and execute a 'payload' on the server. That payload infects a device and they can DDoS with it. Most people who do that don't know anything about what they're doing, they're skids.

EmptyCOS

Could you do a video where you set this up? Thanks!

riversiderocks

Nice content! I like it
Next time try lowering the volume of the music, it's a bit too high I think

mateolopez

I remember getting a lot of attacks once I opened up a SFTP server on my Pi. (Just need port 22 open on the router.) Running 'Fail2ban' was always fun to see how many people were trying to attack it on a regular basis. Unfortunately I could never get any of the honeypot software set up on it.

woolfy

neat vid .. u music is way WAY too loud

VorpalForceField

Thanks for sharing this. I'm rethinking my plan to set up my raspberry pi to be exposed to the Internet through my router.

Hamsters

just pointing out the '-c' grep option: "Suppress normal output; instead print a count of matching lines for each input file" so you don't need to pipe the output to wc -l

FedericoGranata

Dude great video, your content looks like something someone with subscribers would make. You're going to make it big one day. Keep the good work up!

Alexander-vogv

Great video! Super interesting how it can still be a business to brute force servers like this.

brandonstevens

This is really interesting! Thanks for the upload.

ThomasWSmith-wmxn

He promised and delivered. This was a great video!

WilliamFritzM

dudes mouth speak clearer than the youtube audio

zainahmed

I had a DSL modem that logged attempted hacks into my network; on average I had one attempt every 3 minutes. The IP addresses were from around the world. As a network admin I even saw corporate devices hacked as part of a botnet, usually unpatched Linux devices such as security camera recording devices.

sayvilletech

Great video brother!
If only we could get ISPs and the government on board with securing networks for the average end user and not just Enterprise organizations. Buuuut if they did that then they wouldn't be able to do the under-the-table MITM type surveillance that they're guilty of themselves. Not to mention the advertising dollars that the huge corporations make by watching our every move. All these greedy bastards want to have a hand in the candy jar.. And it's all about money and control.
:/

mattpgarcia

What I find amazing is that you were able to do all of this with your elbows

arsacode