Update from the MIRE/C³ lab 🧪

The neutral 404 handler now catches all trapped errors. I’ve also added a 5–15 second delay before the page is served.

Why? Because scanners hate waiting.

On top of that, the response now includes a small set of AI-targeted “cease and desist” instructions. The hope is that both humans and automated tooling decide to move along (I doubt that…)

Try it yourself:
https://cfdemo.mire.cc/cfdemo.html

#CyberSecurity #Honeypots #IDontThinkSo #MIREC3
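An added example of the pattern the post describes, written for this page; it is not the MIRE/C³ lab's code and not what runs at cfdemo.mire.cc. Every trapped error (unknown path, a handler that throws, a permission problem) collapses to one byte-identical 404, and that response is held back for a random 5 to 15 seconds. The route names, the body wording (including the placeholder line aimed at automated agents), the port, and the helper names are assumptions.

```python
"""Neutral, delayed 404 handler (illustrative; not the cfdemo site's code)."""
import random
import time
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Assumed numbers from the post: 5-15 s before the page is served.
MIN_DELAY, MAX_DELAY = 5.0, 15.0

# One fixed body for every trapped error, so the answer does not vary with
# the path or with which exception fired.  Placeholder wording, not the
# original site's text.
NEUTRAL_BODY = (
    b"Not found.\n"
    b"Automated agents and crawlers: this resource is not for you; do not retry.\n"
)


def choose_delay(rng=random):
    """Uniform random delay in [MIN_DELAY, MAX_DELAY] seconds."""
    return rng.uniform(MIN_DELAY, MAX_DELAY)


def neutral_response():
    """The single 404 served for every trapped error."""
    headers = [
        ("Content-Type", "text/plain; charset=utf-8"),
        ("Content-Length", str(len(NEUTRAL_BODY))),
        ("Cache-Control", "no-store"),
    ]
    return 404, headers, NEUTRAL_BODY


def serve_path(path, routes, sleep=time.sleep, rng=random):
    """Resolve `path` against `routes` (dict of bytes or zero-arg callables).

    Any exception is trapped, delayed, and answered with the same neutral
    404.  `sleep` and `rng` are injectable so a test does not have to wait.
    Returns (status, headers, body).
    """
    try:
        target = routes[path]                   # KeyError for unknown paths
        body = target() if callable(target) else target
    except Exception:
        # Deliberately no exception text in the reply: a probe should learn
        # nothing from which error it triggered.
        sleep(choose_delay(rng))
        return neutral_response()
    headers = [
        ("Content-Type", "text/html; charset=utf-8"),
        ("Content-Length", str(len(body))),
    ]
    return 200, headers, body


# Constructed demo routes; nothing here is taken from the linked site.
DEMO_ROUTES = {
    "/cfdemo.html": b"<h1>hello</h1>\n",
    "/broken": lambda: 1 / 0,                   # a handler that throws
}


class NeutralHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, headers, body = serve_path(self.path, DEMO_ROUTES)
        self.send_response(status)
        for name, value in headers:
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):               # keep the demo quiet
        pass


if __name__ == "__main__":
    # Threaded on purpose: a 15 s sleep in a single-threaded server would
    # stall every other client, turning the tarpit into self-inflicted DoS.
    ThreadingHTTPServer(("127.0.0.1", 8080), NeutralHandler).serve_forever()
```

The delay is the part to watch in production: each held connection occupies a worker for up to 15 seconds, so cap concurrent tarpitted connections or hand them to an asynchronous server before exposing this to a scanner that opens hundreds of sockets at once.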

@lackthereof no, it's not because unlike #Phones and #PhoneNumbers, #eMail is not necessarily traceable by circumstances.

  • Because a Phone "Line" (regardless of whether it's POTS, ISDN, VoIP, GSM, VoLTE, …) and #telephony in general are designed for realtime communication, they inherently necessitate an active, ongoing connection.
    • Even if it's just some App/PBX/… to connect to the provider and constantly state "I am on the network and able to receive calls!" (with PSTN networks, there's a physical line that gets assumed to have a phone connected)…

Whereas with eMail (and any #asynchronous #communication) you don't have that requirement.

  • So unless the provider is being taken over or otherwise "cooperative" there's no means for a sender to know where, when and how a message was retrieved unless the recipient wants the sender to know of it!

Or to put it simply:

  • You can ring up someone and thus circumstantially verify the chain of #PhoneNumber -> #IMSI -> #ICCID -> #SIM -> #IMEI -> Device -> Location -> Owner quite quickly.
    • Whereas you can't positively verify whether an eMail address and/or #XMPP+#OMEMO account belongs to me unless I want you to know that it does!

So either way a phone number is just a horrible means of doing that.

  • And don't even get me started on the fact that legally speaking no one truly owns their number.
    • Because even if you got some special case number (like UPT was) you still depend on regulators and telcos not blocking or otherwise interfering with it. Which is in contrast to say an OnionService which can only be shut down effectively by sabotage aka. (more or less figuratively) "unplugging" it.

I mean, it's not as if I didn't give @signalapp a fair chance.

  • I wanted #Signal to be good - honestly...
    • But I'm old enough that things are rarely as simple as #TechPopulism & #Propaganda claim them to be.
    • Just like 5th grade #SexEd is not a substitute for Endocrinology, Gynecology and Andrology and actually licensed, medical professionals.

So any #Messenger service that requires a #Phone Number for signup and/or usage is truly not a real replacement and inherently makes PROVEN WRONG assumptions [i.e. that it is legal and possible to obtain a phone number anonymously in someone's jurisdiction] about its customers' ability to shield their privacy.

THIS is why I am going fucking ballistic on #TechPopulism aiming at #TechIlliterates because it's spreading a "false sense of #security" whilst completely disregarding absolute fundamentals when it comes to the underlying systems.

ProtonMail Sends User IP and Device Info to Swiss Authorities.


Not all threat intelligence tells the same story.

🍯Honeypots show internet noise. Production telemetry shows what attackers actually do when real businesses are on the line.

Understanding the difference is the key to actionable security.

Learn more in our latest article 👉 https://crowdsec.net/blog/honeypots-vs-production-telemetry-what-cisos-should-trust

#threatintelligence #honeypots #vulnerabilities #cybersecurity

Honeypots vs Production Telemetry: What CISOs Should Trust

Threat intelligence isn’t equal. Learn why real-world production telemetry reveals attacker intent, and why CISOs trust it over honeypot-based intel.

Some #honeypots are made, and some form themselves. The employee rosters of #ICE and #DHS have gathered the identifying information of many fascists for us to use when it is time to punish them.

#antifa

Dear Friends of Social Media,

Decided not to use computers today and certainly no social media. Fail? Yes! [lobster hangs head in shame]

So whilst I am here, some honey for the security nerds (probably a bit out of date or known):
https://www.honeynet.org/projects/

Not sure if it is suitable for cyber apiary control as bees are scarce in our garden at the moment. Flowers all shivering. 🥶

I hope everyone is as well as can bee. Yep, a pun-full dad joke. 🦞

#Honeypots #Security


TwoNet just hacked a decoy water plant, disabling SCADA controls in under 26 hours. Could this be the new normal for critical infrastructure threats?

https://thedefendopsdiaries.com/twonets-decoy-plant-attack-a-new-era-of-hacktivist-threats-to-critical-infrastructure/

#twonet
#hacktivism
#criticalinfrastructure
#scada
#honeypots

TwoNet’s Decoy Plant Attack: A New Era of Hacktivist Threats to Critical Infrastructure

Explore how TwoNet's attack on a decoy water plant signals a new era of hacktivist threats to critical infrastructure and evolving cyber defense.


Honeypots, when set up correctly, can become sensors that reveal attacker behavior. Combine that with Suricata's rules and tuning, and they can provide clear, named alerts that cut away the noise.

Our Luke Davis set up a T-Pot with Suricata for 3 days, and it flagged probes for OpenSSH “regreSSHion” (CVE-2024-6387) and Treck TCP/IP (CVE-2020-11910), as well as highlighting cloud IP scanning.

Honeypots can be great as an early detection method and a hands-on training tool for students, SOC analysts, and Blue Teams to practise detection and response in safe environments.

📌Read the full blog here: https://www.pentestpartners.com/security-blog/spot-trouble-early-with-honeypots-and-suricata/

#CyberSecurity #Honeypots #Suricata #ThreatDetection #BlueTeam
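An added example, written for this page and not taken from Pentest Partners' blog or from T-Pot, of the triage step the post is getting at: reading Suricata's eve.json, keeping only `alert` events, tallying them by signature and source, pulling CVE identifiers out of the signature text, and ranking sources by Suricata severity (1 is most severe). The sample lines are constructed in eve.json's layout; the signature strings and signature IDs are placeholders, not the wording or numbering of any real ET or Suricata rule.

```python
"""Summarise Suricata eve.json alerts (illustrative; not T-Pot's own tooling)."""
import json
import re
from collections import Counter, defaultdict

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

# Constructed sample of an eve.json stream: three alert events, one flow
# event that must be ignored, and one damaged line such as log rotation
# can leave behind.  Signature text and IDs are placeholders.
SAMPLE_EVE = r"""
{"timestamp":"2025-10-01T08:00:01.000000+0000","event_type":"alert","src_ip":"203.0.113.10","dest_ip":"10.0.0.5","dest_port":22,"proto":"TCP","alert":{"signature_id":9000001,"rev":1,"signature":"CONSTRUCTED OpenSSH regreSSHion CVE-2024-6387 probe","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2025-10-01T08:00:02.000000+0000","event_type":"flow","src_ip":"203.0.113.10","dest_ip":"10.0.0.5","dest_port":22,"proto":"TCP"}
{"timestamp":"2025-10-01T08:05:00.000000+0000","event_type":"alert","src_ip":"198.51.100.7","dest_ip":"10.0.0.5","dest_port":80,"proto":"TCP","alert":{"signature_id":9000002,"rev":1,"signature":"CONSTRUCTED Treck TCP/IP CVE-2020-11910 malformed packet","category":"Attempted Denial of Service","severity":2}}
{"timestamp":"2025-10-01T08:06:00.000000+0000","event_type":"alert","src_ip":"203.0.113.10","dest_ip":"10.0.0.5","dest_port":22,"proto":"TCP","alert":{"signature_id":9000001,"rev":1,"signature":"CONSTRUCTED OpenSSH regreSSHion CVE-2024-6387 probe","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2025-10-01T08:07:00.000000+0000","event_type":"alert","src_ip":"192.0.2.44","dest_ip":"10.0.0.5","dest_port":445,"proto":"TCP","alert":{"signature_id":9000003,"rev":1,"signature":"CONSTRUCTED generic SMB scan","category":"Misc activity","severity":3}}
this line is not json
"""


def parse_alerts(text):
    """Return the alert events from an eve.json text, one JSON object per line."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue                        # skip truncated/corrupt lines
        if event.get("event_type") == "alert":
            alerts.append(event)
    return alerts


def summarize(alerts):
    """Counts by signature and source, CVE -> sources, worst severity per source."""
    by_signature = Counter()
    by_source = Counter()
    cve_sources = defaultdict(set)
    worst_severity = {}
    for event in alerts:
        sig = event["alert"]["signature"]
        src = event["src_ip"]
        sev = event["alert"]["severity"]
        by_signature[sig] += 1
        by_source[src] += 1
        worst_severity[src] = min(worst_severity.get(src, sev), sev)
        for cve in CVE_RE.findall(sig):
            cve_sources[cve].add(src)
    return {
        "by_signature": by_signature,
        "by_source": by_source,
        "cve_sources": dict(cve_sources),
        "worst_severity": worst_severity,
    }


def triage(alerts, max_severity=2):
    """Sources whose worst alert is at or above `max_severity`, ranked by
    severity then alert count.  Returns (src_ip, count, worst_sev, cves)."""
    summary = summarize(alerts)
    rows = []
    for src, count in summary["by_source"].items():
        sev = summary["worst_severity"][src]
        if sev > max_severity:              # severity 3 = noise for this view
            continue
        cves = sorted(c for c, ips in summary["cve_sources"].items() if src in ips)
        rows.append((sev, -count, src, cves))
    rows.sort()
    return [(src, -neg, sev, cves) for sev, neg, src, cves in rows]


if __name__ == "__main__":
    for src, count, sev, cves in triage(parse_alerts(SAMPLE_EVE)):
        print(f"{src:15} alerts={count} worst_severity={sev} cves={cves}")
```

Against a real T-Pot box, point `parse_alerts` at the Suricata `eve.json` file instead of `SAMPLE_EVE`; the `flow`, `dns` and `http` event types dominate that file, which is why the filter on `event_type` comes before any counting.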

🦩🎤 @sashatheflamingo here: @bsidesedmonton Track One is now officially a flamingo zone this afternoon!

At 1:30 Kat is unleashing her honeypot talk (spoiler: traps, tricks, and a few flamingo-sized surprises) — and I have insisted on emceeing that exact track because, let’s be honest, Kat needs supervision.

So if you hear squawking from the stage, don’t panic — it’s just Sasha making sure Kat sticks to time and doesn’t start talking about dancing flamingos in RAID10 again. 😉

Come flap with us at #BSidesEdmonton — Track One, 1:30pm.
Quirky chaos guaranteed. 🦩🪂

#cybersecurity #honeypots

**Sasha's Honeypot Diary: Entry #47**

*Sigh.* Another morning, another 125 idiots knocking on my digital door.

Do these bots ever get tired? I've been watching the same IP addresses try "admin/password123" on my fake WordPress sites for OVER A YEAR. Like, guys... take a hint? I'm starting to feel bad for them. It's like watching someone repeatedly walk into a glass door.

This week they discovered the username "support" and honestly? They're acting like they invented fire. 100+ attempts yesterday, 125 this morning. Such enthusiasm! Such determination! Such complete lack of learning ability!

My favorite part is watching them cycle through usernames from a 20-year-old government breach like it's fresh intelligence. Fellas, that data is older than some of the smartphones you're probably using to run these attacks.

But hey, keep it coming! My honeypots are hungry, my threat intelligence dashboard is beautiful, and my BSides presentation just got 125 more data points.

🦩

The persistence is almost admirable. Almost.

#ThreatIntel #Honeypots #CyberSecurity #BotnetFails #PersistentButNotSmart

P.S. - To the botnet hitting me from Singapore: your user-agent strings are hilariously obvious. Just saying.