#Honeypots are often too obvious about being a #Honeypot: #SheilaABerta looks at error messages and their differences between the emulated service and the honeypot's version. She requires only a single message to expose the fake service.
Honeypot writers need to improve their "compatibility". #SCS23
That’s pretty much what two security researchers did thanks to a large network of computers set up as a honeypot for hackers.
The researchers deployed several Windows servers deliberately exposed on the internet, set up with Remote Desktop Protocol, or RDP, meaning that hackers could remotely control the compromised servers as if they were regular users, being able to type and click around.
Thanks to these honeypots, the researchers were able to record 190 million events and 100 hours of video footage of hackers taking control of the servers and performing a series of actions on them, including reconnaissance, installing malware that mines cryptocurrencies, using Android emulators to conduct click fraud, brute-forcing passwords for other computers, hiding the hackers’ identities by using the honeypot as a starting point for another attack, and even watching porn. The researchers said a hacker successfully logging into its honeypot can generate “tens of events” alone.
“It’s basically like a surveillance camera for RDP system because we see everything,” Andréanne Bergeron, who has a Ph.D. in criminology from the University of Montreal, told TechCrunch.
Bergeron, who also works for cybersecurity firm GoSecure, worked with her colleague Olivier Bilodeau on this research. The two presented their findings on Wednesday at the Black Hat cybersecurity conference in Las Vegas.
What would the nuances of starting a "homelab" / "fediverse" #ISAC be? Yes, it's not an industry, but a lot of hobbyist and volunteer systems exist...
I guess maybe ISAC/ISAO isn't the word I'm looking for; more than threat intel, you know how #CISA provides other services? Like... hardening guides, shared threat intel, IR writeups, limited pentest services provided in bulk to the group / en masse to every Mastodon host... compliance guidance, tutorials, stuff like that.
Something to help make sure all the weird custom home-grown Mastodon (and other hobbyist VPS weirdness) setups get set up more rigorously. #homelab #mastoadmin #honeypots