
Daily Blog #741: AI powered Honeypots

Hello Reader,

I’ve always found honeypots fascinating. There’s something deeply satisfying about reviewing logs of frustrated attackers and uncovering their latest tactics. However, setting up a convincing honeypot has traditionally required a lot of effort—crafting realistic environments, files, and services to appear valuable while ensuring they couldn’t be exploited for real attacks.

AI has changed the game once again. There are now AI-powered honeypots (at least two that I know of) that leverage large language models to simulate entire systems. These models dynamically generate file listings, process lists, file contents, and other system artifacts, making fingerprinting much harder for attackers. I think this is incredibly cool! In fact, I once asked ChatGPT to pretend to be a Linux system—and the results were hilarious!


Here are two AI-powered honeypots worth checking out:

Splunk AI Honeypot (DECEIVE) – SSH Honeypot

🔗 GitHub: splunk/DECEIVE

Galah – HTTP Honeypot

🔗 GitHub: 0x4D31/galah


Hope you find these as interesting as I do!



Forensic Lunch 2/13/2015 - Anuj Soni, Jason Trost, Matt Bromiley and Lee Whitfield

Hello Reader,

We had an amazing Forensic Lunch this week! We talked about attacker tools, web shells, reverse engineering, the modern honey network and extending the same.

This week we had:
Anuj Soni, discussing webshells and attacker tools
Jason Trost, discussing the Modern Honey Net project he's working on at Threatstream
Matt Bromiley, talking about the work we have done to extend the MHN reporting by integrating Elasticsearch and Kibana to visualize the data

Show notes:
Anuj Soni:
Twitter: @asoni
• My SANS Webcast on web shells: https://www.sans.org/webcasts/closing...
• The upcoming FOR610 course in Monterey: http://www.sans.org/event/dfir2015/co...
• My bio and instructor page: http://www.sans.org/instructors/anuj-...
• Webacoo: https://github.com/anestisb/WeBaCoo

Jason Trost:
Twitter: @jason_trost
Threatstream Github: https://github.com/threatstream
Jason's Github: https://github.com/jt6211
Modern Honey Network: http://threatstream.github.io/mhn/
Threatstream: http://threatstream.com/

Matt Bromiley:
Twitter: @505forensics
Blog: http://www.505forensics.com/
MHN Visualization Series: http://www.505forensics.com/honeypot-...
http://www.505forensics.com/honeypot-...
http://www.505forensics.com/honeypot-...

Lee Whitfield:
Twitter: @lee_whitfield
Forensic 4cast awards nomination: https://forensic4cast.com/forensic-4c...
Facebook Threatexchange: https://threatexchange.fb.com/

You can watch it on YouTube here: https://www.youtube.com/watch?v=LnWhXd17Uak&list=UUZ7mQV3j4GNX-LU1IKPVQZg
