I used urlscan.io a lot this summer at my internship with a SOC. Every time I used it I wondered how it worked and if I could build something similar. The week after my internship ended I created HTTP-Info as my attempt to gather as much information about a website as I could.
This year I moved into a new apartment and had to get a TV for the living room. I ultimately got this TCL Roku TV, and my journey of getting it is a whole nother story. I powered it on, selected my language and country, then it was time to configure the network connection. Shoot.
This summer I want to do more botnet analysis. I’ve done some before with my rootonyour.webcam SSH log analysis sensor and server projects. This really only included geolocation and linked to Shodan information on running services. Cowrie is a medium-interaction honeypot that can log login credentials and command execution and also capture downloaded files. I don’t prioritize availability with my self-hosted servers, so I’d rather put everything in the cloud.
This summer my servers are behind a firewall that I don’t control. I can request to have ports opened but it’d take a while and I like to have things under my control. I’ve tried setting up a reverse proxy before but the concept confused me and I never had a real use case for one.
When I started setting up a new network with ESXi, I wanted to make everything as uniform as possible. When I started up a new VM, I wanted to be able to SSH in as soon as it was ready. This plan was foiled by needing to log in through the console and get the IP or look at my current DHCP leases. Place these lines in /etc/rc.local to show the IP address at the login prompt.