Summary of CVE-2020-5902 F5 BIG-IP RCE Vulnerability Exploits, (Mon, Jul 6th)

Our honeypots have been busy collecting exploit attempts for CVE-2020-5902, the F5 Networks BIG-IP vulnerability patched last week. Most of the exploit attempts can be considered reconnaissance. We only saw one working exploit installing a backdoor. Bad Packets reported seeing a DDoS bot being installed.


Happy FouRth of July from the Internet Storm Center, (Sat, Jul 4th)

For our readers in the United States, the 4th of July is Independence Day. As the 4th, under normal COVID-free circumstances, is typically celebrated with fireworks events, I thought I'd deviate a bit from information security topics and instead share a bit of code to create your own fireworks using R, a language and environment for statistical computing and graphics. My teams and I use R and Python constantly as part of security data analytics, particularly for data science and machine learning to further our detection practices and better identify anomalies of significance. You can follow along at home using RStudio as your IDE and the latest version of R, 4.0.2 as this is written. All credit is due specifically to Edward Visel of Uptake; this is entirely his code, modified ever so slightly for our purposes here. Edward was experimenting on his path to the perfect R-generated firework, but I like each of them as variants in and of themselves. In the spirit of the old red, white, and blue, I selected three specific patterns, namely his explosion, particles and gnats, and the final firework. This work uses the tidyverse, sf, and gganimate packages; I pulled in magick to manipulate the resulting GIFs a bit. If you just want the TL;DR version, the results of the effort follow immediately, and the code is in-line immediately thereafter. Happy 4th of July to those of you who celebrate it; cheers, and stay safe and healthy, all!


Setting up the Dshield honeypot and tcp-honeypot.py, (Wed, Jul 1st)

After Johannes did his Tech Tuesday presentation last week on setting up Dshield honeypots, I thought I'd walk you through how I set up my honeypots. I like to combine the Dshield honeypot with Didier Stevens' tcp-honeypot so I can capture more suspicious traffic. Today, I'll walk you through my setup using a VM hosted by Digital Ocean, though the steps would work for pretty much any cloud provider.
