Archive by Author

TPOT's Cowrie to ISC Logs, (Thu, Apr 2nd)

Last year I did a post about a great tool: TPOT https://github.com/dtag-dev-sec/tpotce. In short, it is a collection of different honeypots put together by Docker and Elastic stack. I promised to cover setting up Cowrie to report to SANS ISC, and here it is. If you are not familiar with Docker, this config would take […]

Qakbot malspam sent from an infected Windows host, (Wed, Apr 1st)

Introduction Every once in a while, I’ll see spambot-style traffic from the Windows hosts I infect in my lab environment.  On Tuesday 2020-03-31, this happened during a Qakbot infection.  I’ve covered examining Qakbot traffic before, but that didn’t include examples of spambot emails sent from an infected Windows computer.  Today’s diary provides a quick review […]
