I love that this is a very popular password on my honeypots - everywhere - "8675309" 🦩

#CyberSecurity #Infosec #Honeypot #DeceptionTech @sashatheflamingo

Honeypot Deployment Pro Tip: Let Them Think They're Winning

Want to know a dirty little secret about honeypot deployment that I've been using for years?

When you spin up a new production server with SSH access, don't immediately lock it down behind a non-standard port. Let it sit on port 22 running your actual SSH daemon for the first 4-6 weeks.

Let the attackers find it. Let them probe it. Let them catalog it in their target lists as "real infrastructure worth attacking."

Then, after they've committed you to memory:

Move your real SSH to a non-standard port. Deploy OpenCanary SSH on port 22 configured to match the EXACT version banner of whatever you were running before.

Now here's the magic: The attackers think they're still hitting the same production system. But you're collecting every username and password combination they try. They don't know they've been demoted from "attacking production" to "feeding your threat intelligence."

It's totally deceptive. They invested weeks cataloging your server. They're not going to just give up because you didn't respond the way they expected.

I've been running this technique for years across my global honeypot network. Works every single time.

Remember to match the SSH version banner exactly - down to the patch level. OpenSSH 8.2p1 vs 8.2p2 matters to some scanners. Make it identical.

This is how you turn production infrastructure into long-term intelligence gathering without anyone noticing the transition.

You're welcome. 🦩
@sashatheflamingo #cybersecurity #infosec #honeypot #deceptiontech
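An added illustration of the two halves of the technique above (not code from the post or from the OpenCanary project): check that the decoy's configured banner equals the banner the production daemon advertised, then tally the credentials tried against port 22 from OpenCanary's JSON-lines log. It assumes OpenCanary's `ssh.enabled`, `ssh.port` and `ssh.version` config keys and logtype 4002 for SSH login attempts with `USERNAME`/`PASSWORD` in `logdata`; the config and log lines are constructed.

```python
import json
from collections import Counter

SSH_LOGIN_ATTEMPT = 4002  # OpenCanary logtype for an SSH password attempt (assumed)


def decoy_banner_matches(conf: dict, production_banner: str) -> bool:
    """True only if the decoy listens on 22 and its ssh.version equals the banner
    the real daemon advertised, byte for byte (8.2p1 vs 8.2p2 is a mismatch)."""
    return (conf.get("ssh.enabled") is True
            and conf.get("ssh.port") == 22
            and conf.get("ssh.version") == production_banner)


def tally_credentials(log_lines, dst_port: int = 22) -> Counter:
    """Count (username, password) pairs from SSH login attempts on the decoy port."""
    tally: Counter = Counter()
    for line in log_lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate a truncated or non-JSON line in the log
        if ev.get("logtype") != SSH_LOGIN_ATTEMPT or ev.get("dst_port") != dst_port:
            continue
        data = ev.get("logdata", {})
        tally[(data.get("USERNAME"), data.get("PASSWORD"))] += 1
    return tally


# Constructed sample data: the decoy's config and a few OpenCanary log lines.
PRODUCTION_BANNER = "SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5"
DECOY_CONF = {"ssh.enabled": True, "ssh.port": 22, "ssh.version": PRODUCTION_BANNER}
SAMPLE_LOG = [
    '{"logtype": 4002, "dst_port": 22, "src_host": "198.51.100.7", '
    '"logdata": {"USERNAME": "root", "PASSWORD": "8675309"}}',
    '{"logtype": 4002, "dst_port": 22, "src_host": "198.51.100.7", '
    '"logdata": {"USERNAME": "admin", "PASSWORD": "admin"}}',
    '{"logtype": 4000, "dst_port": 22, "src_host": "203.0.113.9", "logdata": {}}',
    '{"logtype": 4002, "dst_port": 22, "src_host": "203.0.113.9", '
    '"logdata": {"USERNAME": "root", "PASSWORD": "8675309"}}',
    'not json at all',
]

if __name__ == "__main__":
    print("banner ok:", decoy_banner_matches(DECOY_CONF, PRODUCTION_BANNER))
    for (user, pw), n in tally_credentials(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {user}:{pw}")
```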

Detection of attacks and compromises, from EDR/XDR through deception to MDR, SIEM and SOC services: THE deep-dive session on the it-sa exhibition grounds today at 13:00, presented by cirosec.

Details at https://cirosec.de/news/congressit-sa-deep-dive-sessions/.

#itsa #nürnberg #Messe #itsa365 #Itsicherheit #cybersecurity #itsaCongress #expo
#EDR #XDR #MDR #SOC #SIEM #DeceptionTech #CyberSecurity #ITSecurity #Angriffserkennung #cirosec #ITResilienz

The mice are getting smarter. But so are the cats.

Malware’s evolving—sandbox-aware, VM-aware, and playing dead like it's auditioning for a nature documentary. But @FortiGuardLabs is bringing the claws with real-time behavioral detection that doesn’t rely on hopes and dreams.

This isn’t your grandma’s AV anymore.

Key takeaways:

  • Modern malware avoids detection by acting normal until you blink
  • Static detection is getting smoked by polymorphic code and evasive loaders
  • FortiEDR & FortiDeceptor are leveraging runtime behavior, memory inspection, and deception to outsmart stealthy threats
  • Cats > mice, especially when they know your playbook

🔗 Full breakdown:
https://www.fortinet.com/blog/threat-research/catching-smarter-mice-with-even-smarter-cats

TL;DR for blue teamers:

  • Stop chasing IOCs and start profiling behavior.
  • Watch process spawning patterns and parent/child anomalies.
  • Deception tech isn’t just a gimmick—it’s how you catch the stuff that thinks it’s invisible.
  • If your EDR doesn’t trigger on a payload sleeping for 5 minutes, you’re already five minutes too late.

“It’s clean, I ran it through the sandbox.”
— The last words of a junior analyst before the domain controller started speaking Russian

#ThreatIntel #MalwareEvasion #BehavioralDetection #EDR #CyberSecurity #BlueTeam #DeceptionTech #SandboxEvasion #ReverseEngineering

Looking for a fun workshop where you take away key updated/new skills? I'll be doing an extended "Configuring Custom #Honeypots" workshop at @bsidesseattle https://bsidesseattle.com on 5/20! You should sign up! #WomenInSTEM #deceptiontech #infosec #cybersecuritytips #hacking #hackingisnotacrime