2 posts tagged with "honeypot"

Catching hackers with a honeypot - Case study

11 min read
Orkanyx
Creator of Cyberforge

Getting the sample

For this first case study, we'll base our analysis on a sample captured by Cowrie. The sample can be found in the T-Pot installation folder, under /data/cowrie/downloads/.

warning

The samples are malicious files. Handle them with caution, and always in a VM without an internet connection.

info

This first case study concerns a .sh file executed by a malicious actor to build a botnet.

Catching Hackers with a Honeypot - Installation

8 min read
Orkanyx
Creator of Cyberforge

We have always been told that in cybersecurity, attackers are one step ahead: they use vulnerabilities and techniques that defenders know nothing about.

To narrow this gap, defenders have found a method that allows them both to protect themselves and to understand the new techniques attackers are using. This method is called a honeypot.

A honeypot is a system intentionally left vulnerable and easily accessible to attackers. The objective is to collect IOCs (Indicators of Compromise) and IOAs (Indicators of Attack) in order to understand the techniques attackers use.

In this article, we will discuss the deployment of the T-Pot solution created by Deutsche Telekom: