HoneyTrap Logs

HoneyTraps in the Cloud 101

Updated 2021-03-01: Give the reader a heads up that restarting SSH will kick them from their current session.

Overview: Honeypots are useful tools for collecting unauthorized interactions as logs. These logs can be digested to identify new attack techniques or observe active username/password patterns. In the context of a security team, they could provide actionable information to pre-emptively secure the studied environment. This tutorial will discuss general SSH honeypot pre-configuration, HoneyTrap installation, logging, and analysis....

January 25, 2021 · 5 min

Writing my first forensic tool in Go

Overview: While reading Hands On System Programming with Go, I discovered the debug/pe package. To learn more about using Go, I decided to spend a few days building a static forensic tool centered around use of this package. The debug/pe package provides functions that make analyzing a PE file easier. Some promising functions include: Open, ImportedLibraries, FileHeader, OptionalHeader32/64, and StringTable. Limiting myself to a span of a week, I’m reporting on functions I’ve applied to penut, a simple PE file static analysis tool, and what the next steps are to build upon the application....

January 20, 2021 · 5 min