Sebek captures from the Nimda window
The Nimda outbreak produced a substantial volume of Sebek captures from my honeypot. A walk through what the captures show about the post-Nimda compromise environment.
Long-form thinking on cyber defence, detection, and resilience — from Slackware-era honeypots through to AI-driven SOC analytics.
Showing posts tagged captures — 4 results.
A capture from my Sebek-instrumented honeypot reveals an unusually careful attacker. A walk through what they did, what we observed, and what defenders should know.
Five months of running the high-interaction honeypot. The captures continue to be the highest-value source of post-compromise intelligence I have access to. Three more sanitised observations and what each teaches.
Six weeks of running the new high-interaction honeypot has produced exactly the kind of post-compromise data I was hoping for. Three sanitised observations from the logs, with the lessons each one teaches.