Author Archives: Scott

Use Bro to spot SSL phishing pages (part 1)

A lot of phishes are starting to use SSL certificates, and this makes things interesting for a few reasons. Two big ones are: – End users are trained to look for the green padlock, because if it’s there the page …

Posted in Bro

How to Integrate CIF feeds into Bro Intel files

So you set up a SSH honeypot and are gathering data, but what do you do with it? If you have Bro installed, you can integrate your feeds for monitoring in less than 15 minutes. I’ll show you how to pull …

Posted in Bro, CIF, CSIRTG

Install a SSH honeypot, and have the data logged in 3 easy steps

Did you ever wonder who is trying to log on to your server? Here is how to set up a SSH honeypot inside of a Docker container that sends the data to CSIRT Gadgets using the Collective Intelligence Framework (CIF) …

Posted in CIF, Docker, SSH