From the point of view of the Low, no historic change has ever meant much more than a change in the name of their masters.
#1984
CISO & security advisor turning risk into business intelligence.
Creator of MIRE/C³ — a Multi-layer Intrusion Response Engine that serves treacle to attackers: decoys, false secrets, and dead ends that burn their time and attention (C³: cost & confusion).
Builder of The OpenCanary Experience.
| MIRE/C³ | https://mire.cc |
| The OpenCanary Experience | https://toce.ch |
| WillIGetPwned | https://willigetpwned.com |
| CISO.li | https://ciso.li |
| i.am.ciso.lee | https://about.ciso.li |
@MIRE will be running in Neutral 404 mode until Wednesday 18th March - then we see how a week of MIRE/C³ Defend/Deceive Mode looks.
Neutralised 404 mode now available in the MIRE/C³
https://mire.cc/neutralised-404-error-mode/
@MIRE has the daily stats, will there be a difference?
Pick up daily statistics from @MIRE - summarising the cost in time and bandwidth to those scanning for non-existent content protected by The MIRE/C³
Update from the MIRE/C³ lab 🧪
The neutral 404 handler now catches all trapped errors. I’ve also added a 5–15 second delay before the page is served.
Why? Because scanners hate waiting.
On top of that, the response now includes a small set of AI-targeted “cease and desist” instructions. The hope is that both humans and automated tooling decide to move along (I doubt that…)
Try it yourself:
https://cfdemo.mire.cc/cfdemo.html
The standard 404 page from The MIRE/C³ has been revamped to include guidance for AI bots that manage scanning and probing activities on domains shielded by The MIRE/C³.
You can see it in action with the Sample 404 page at: https://cfd.mire.cc/cfdemo.html.
Expanding the trap: MongoDB support is coming to @ThinkstCanary OpenCanary! 🛡️
I’ve always been a fan of Thinkst OpenCanary for its simplicity and effectiveness. However, I noticed a gap: as MongoDB remains one of the most targeted NoSQL databases by attackers (especially with the recent CVE), we needed a dedicated module to catch those specific "low and slow" probes.
I’m excited to share that I’ve officially submitted a Pull Request to add a MongoDB honeypot module to the OpenCanary ecosystem!
What this means:
• Realistic Decoys: Mimics a MongoDB instance to lure in attackers looking for data leaks.
• Granular Logging: Captures connection attempts and query patterns.
• Better Coverage: Extends your internal deception mesh to cover NoSQL environments.
Check out the PR here: https://github.com/thinkst/opencanary/pull/444
Huge thanks to the Thinkst team for maintaining such a vital open-source project. Feedback and testers are welcome!
#OpenSource #CyberSecurity #OpenCanary #Honeypot #MongoDB #InfoSec
Watch webservers be attacked in real time - and defend themselves
#MIRE/C³ - Stop Defending, Start Deceiving
Hi @RyanB
Yes, I created it.
The potted history... I brought up a subdomain and saw hits after 5 seconds. "This can't be right," I said to myself. Thank you, certificate transparency.
And then they scraped.
I countered with robots.txt
They ignored it 😂
So I examined what they were trying to get and designed a way to fulfil their requests. Fake tokens, dodgy ZIPs, #CanaryTokens
And that's how the thing was born, now I polish it up.
The goal? Synthesise delays, synthesise content. Waste hacker time.
I think I like it too 👍
My logs were full of attackers probing for secrets. Now, they’re just wasting their own money.
Introducing MIRE/C³: A deception layer designed to drain attacker resources and trigger immediate alerts via canary decoys.
Let them in. They’ll never find the way out. 🕸️
Try it for yourself:
https://cfd.mire.cc/cfdemo.html
#MIRE #CyberSecurity #DevSecOps