Jesse La Grew Diaries

Back to Handlers

• DShield Honeypot Log Volume Increase
• [Guest Diary] Anatomy of a Linux SSH Honeypot Attack: Detailed Analysis of Captured Malware
• Upcoming DShield Honeypot Changes and Customizations
• Usage of "passwd" Command in DShield Honeypots
• [Guest Diary] Exploring a Use Case of Artificial Intelligence Assistance with Understanding an Attack
• Honeypot Iptables Maintenance and DShield-SIEM Logging
• [Guest Diary] Leveraging CNNs and Entropy-Based Feature Selection to Identify Potential Malware Artifacts of Interest
• [Guest Diary] Malware Source Servers: The Threat of Attackers Using Ephemeral Ports as Service Ports to Upload Data
• [Guest Diary] How Access Brokers Maintain Persistence
• Extracting Practical Observations from Impractical Datasets
• Capturing Honeypot Data Beyond the Logs
• [Guest Diary] A Deep Dive into TeamTNT and Spinning YARN
• CURLing for Crypto on Honeypots
• [Guest Diary] Business Email Compromise
• [Guest Diary] Using Zeek, Snort, and Grafana to Detect Crypto Mining Malware
• [Guest Diary] Insights from August Web Traffic Surge
• Finding Honeypot Data Clusters Using DBSCAN: Part 2
• Enrichment Data: Keeping it Fresh
• Simulating Traffic With Scapy
• Pandas Errors: What encoding are my logs in?
• [Guest Diary] 7 minutes and 4 steps to a quick win: A write-up on custom tools
• Finding Honeypot Data Clusters Using DBSCAN: Part 1
• Does it matter if iptables isn't running on my honeypot?
• [Guest Diary] AWS Deployment Risks - Configuration and Credential File Targeting
• [Guest Diary] Dissecting DarkGate: Modular Malware Delivery and Persistence as a Service.
• [Guest Diary] Friend, foe or something in between? The grey area of 'security research'
• [Guest Diary] Learning by doing: Iterative adventures in troubleshooting
• Public Information and Email Spam
• Number Usage in Passwords
• What is that User Agent?
• Overflowing Web Honeypot Logs
• Hiding in Hex
• DShield and qemu Sitting in a Tree: L-O-G-G-I-N-G
• Common usernames submitted to honeypots
• What is the origin of passwords submitted to honeypots?
• Command Line Parsing - Are These Really Unique Strings?
• DShield Honeypot Maintenance and Data Retention
• IDS Comparisons with DShield Honeypot Data
• More Data Enrichment for Cowrie Logs
• Signals Defense With Faraday Bags & Flipper Zero
• Exploration of DShield Cowrie Data with jq
• Network Data Collector Placement Makes a Difference
• PCAP Data Analysis with Zeek
• Rotating Packet Captures with pfSense
• DShield Honeypot Setup with pfSense
• Opening the Door for a Knock: Creating a Custom DShield Listener
• Extracting 'HTTP CONNECT' Requests with Python