Long-form thinking on cyber defence, detection, and resilience — from Slackware-era honeypots through to AI-driven SOC analytics.
Showing posts tagged operational security — 3 results.
Six weeks of running the new high-interaction honeypot has produced exactly the kind of post-compromise data I was hoping for. Three sanitised observations from the logs, with the lessons each one teaches.
After a year of running my small honeypot and reading the Honeynet conversations, I am rebuilding from scratch. The new architecture takes a different approach — high interaction in a contained environment — and the design choices are worth writing down before I commit to them.
TCP wrappers are old. They are still everywhere. Reading the source for the first time has changed my mental model of what they actually do, and what they do not.