Centralize Cowrie Honeypot Logs with Graylog in AWS

This summer I want to do more botnet analysis. I’ve done some before with my rootonyour.webcam SSH log analysis sensor and server projects. This really only included geolocation and linked to Shodan information on running services. Cowrie is a medium-interaction honeypot that can log login credentials and command execution and also capture downloaded files. I don’t prioritize availability with my self-hosted servers, so I’d rather put everything in the cloud.


Configuring a Reverse Proxy in AWS for my Homelab

This summer my servers are behind a firewall that I don’t control. I can request to have ports opened but it’d take a while and I like to have things under my control. I’ve tried setting up a reverse proxy before but the concept confused me and I never had a real use case for one.


View Your IP (Or Anything Else) At Login

When I started setting up a new network with ESXi, I wanted to make everything as uniform as possible. When I started up a new VM, I wanted to be able to SSH in as soon as it was ready. This plan was foiled by needing to log in through the console and get the IP or look at my current DHCP leases. Place these lines in /etc/rc.local to show the IP address at the login prompt.


Proxy Python Requests Through Burp Suite

I write a lot of Python scripts that interact with websites using the requests module. To figure out the requests I need to make for, say, logging in, I do the process manually while Burp Suite is running and then model it. It wasn’t until a few days ago while debugging that I wondered if I could proxy my Python programs to make sure they were sending the correct data.
