Honeypot Q3 2002 patterns
Q3 2002 has been a relatively quiet quarter for the honeypot. A short summary of what was observed.
Notes from the field
Writing
Long-form thinking on cyber defence, detection, and resilience — from Slackware-era honeypots through to AI-driven SOC analytics.
Showing posts tagged patterns — 5 results.
Honeypot annual recap: 2001
A full-year recap of honeypot data from 2001. The patterns across the year tell a clearer story than any single quarter did.
Honeypot Q3 patterns
Q3 was the busiest quarter the honeypot has ever seen. A summary of the patterns observed across Code Red, Nimda, and the surrounding noise.
IIS Unicode aftermath: the broader pattern
A week on from MS00-078. The exploitation pattern played out as expected. Time to step back and think about what this category of vulnerability tells us, and what I expect over the next year.
Cumulative honeypot analysis: six months of captures
Six months of honeypot operation has produced enough data to write a structured analysis. The patterns of attacker behaviour, ranked by frequency, with the defensive implication for each. This is the longer writeup I committed to.