Jesse La Grew Diaries
- [Guest Diary] Insights from August Web Traffic Surge
- Finding Honeypot Data Clusters Using DBSCAN: Part 2
- Enrichment Data: Keeping it Fresh
- Simulating Traffic With Scapy
- Pandas Errors: What encoding are my logs in?
- [Guest Diary] 7 minutes and 4 steps to a quick win: A write-up on custom tools
- Finding Honeypot Data Clusters Using DBSCAN: Part 1
- Does it matter if iptables isn't running on my honeypot?
- [Guest Diary] AWS Deployment Risks - Configuration and Credential File Targeting
- [Guest Diary] Dissecting DarkGate: Modular Malware Delivery and Persistence as a Service.
- [Guest Diary] Friend, foe or something in between? The grey area of 'security research'
- [Guest Diary] Learning by doing: Iterative adventures in troubleshooting
- Public Information and Email Spam
- Number Usage in Passwords
- What is that User Agent?
- Overflowing Web Honeypot Logs
- Hiding in Hex
- DShield and qemu Sitting in a Tree: L-O-G-G-I-N-G
- Common usernames submitted to honeypots
- What is the origin of passwords submitted to honeypots?
- Command Line Parsing - Are These Really Unique Strings?
- DShield Honeypot Maintenance and Data Retention
- IDS Comparisons with DShield Honeypot Data
- More Data Enrichment for Cowrie Logs
- Signals Defense With Faraday Bags & Flipper Zero
- Exploration of DShield Cowrie Data with jq
- Network Data Collector Placement Makes a Difference
- PCAP Data Analysis with Zeek
- Rotating Packet Captures with pfSense
- DShield Honeypot Setup with pfSense
- Opening the Door for a Knock: Creating a Custom DShield Listener
- Extracting 'HTTP CONNECT' Requests with Python