

{"id":1412,"date":"2012-06-28T14:02:13","date_gmt":"2012-06-28T19:02:13","guid":{"rendered":"http:\/\/rud.is\/b\/?p=1412"},"modified":"2018-03-10T07:53:38","modified_gmt":"2018-03-10T12:53:38","slug":"honeypot-analytics","status":"publish","type":"post","link":"https:\/\/rud.is\/b\/2012\/06\/28\/honeypot-analytics\/","title":{"rendered":"Honeypot Analytics"},"content":{"rendered":"<p>For this post (and probably a few subsequent ones), I&#8217;m taking the role of &#8216;Pinky&#8217; to @jayjacobs&#8217; &#8216;Brain&#8217; as I share some of my own analysis on the <a href=\"https:\/\/www.verizonenterprise.com\/verizon-insights-lab\/?t=securityblog\">ssh honeypot passwords<\/a> that Jay collected (you&#8217;ll need to read his VZB post before continuing). There are tons of angles for analysis and I&#8217;ve been all over the place as ideas have come &amp; gone. I&#8217;m probably not breaking much (if any) new ground as there are a number of honeypot tools that provide #spiffy reports <span class=\"removed_link\" title=\"http:\/\/davewout.home.xs4all.nl\/log\/checklog-latest.html\">like this<\/span>, but there may be some new insights or at the very least some starting points for folks new to the honeypot scene.<\/p>\n<p>One of the first things I did with the data was to make a histogram of the password lengths the attackers used:<\/p>\n<p><center><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"1413\" data-permalink=\"https:\/\/rud.is\/b\/2012\/06\/28\/honeypot-analytics\/passhist-blog\/\" data-orig-file=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/06\/passhist-blog.png?fit=500%2C390&amp;ssl=1\" data-orig-size=\"500,390\" data-comments-opened=\"1\" 
data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;}\" data-image-title=\"passhist-blog\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/06\/passhist-blog.png?fit=300%2C234&amp;ssl=1\" data-large-file=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/06\/passhist-blog.png?fit=500%2C390&amp;ssl=1\" src=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/06\/passhist-blog.png?resize=500%2C390&#038;ssl=1\" alt=\"\" title=\"passhist-blog\" width=\"500\" height=\"390\" class=\"aligncenter size-full wp-image-1413\" srcset=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/06\/passhist-blog.png?w=500&amp;ssl=1 500w, https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/06\/passhist-blog.png?resize=300%2C234&amp;ssl=1 300w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><\/center><br \/>\n<center><\/p>\n<p><iframe width='150' height='300' frameborder='0' src='https:\/\/docs.google.com\/spreadsheet\/pub?hl=en&#038;hl=en&#038;key=0AlCY1qfmPPZVdDZhT3J6dmJGLTZuNFY0b1ZpNHZkVnc&#038;output=html&#038;widget=true'><\/iframe><\/p>\n<p><\/center><\/p>\n<p>Some questions come up:<\/p>\n<ul>\n<li>Why 6 &#038; 8 as the most frequent?<\/li>\n<li>What&#8217;s up with &#8220;khaled-dico-ana-wla-akhou-charmouta-tfeh-kess-ekhtak-bi-ayri-a5ou-a7beh&#8221;(the longest one), &#8220;FSDwef8529637531598273k1d123kid871kid872tralalalovedolce&#8221; and the other large passwords? Are they used in conjunction with other attack vectors (one of my posits)? 
Are they vanity signatures to inject into honeypots (one of Jay&#8217;s posits)?<\/li>\n<\/ul>\n<p><i>(btw: those are legit questions\u2026if honeypot researchers know the answers, I am curious)<\/i><\/p>\n<p>When looking at sources of these attacks, they seem to be concentrated in a few areas:<\/p>\n<p><center><\/p>\n<p><iframe loading=\"lazy\" width=\"500\" height=\"375\" src=\"http:\/\/www.openheatmap.com\/embed.html?map=HyporadiusGogoSeismographic\" ><\/iframe><\/p>\n<p><\/center><\/p>\n<p>The brute-forcers also do not seem to rest (click for larger version):<\/p>\n<p><center><a href=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/06\/byday-blog.png?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"1421\" data-permalink=\"https:\/\/rud.is\/b\/2012\/06\/28\/honeypot-analytics\/byday-blog\/\" data-orig-file=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/06\/byday-blog.png?fit=814%2C484&amp;ssl=1\" data-orig-size=\"814,484\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;}\" data-image-title=\"byday-blog\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/06\/byday-blog.png?fit=300%2C178&amp;ssl=1\" data-large-file=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/06\/byday-blog.png?fit=510%2C303&amp;ssl=1\" src=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/06\/byday-blog.png?resize=300%2C178&#038;ssl=1\" alt=\"\" title=\"byday-blog\" width=\"300\" height=\"178\" class=\"aligncenter size-medium wp-image-1421\" 
srcset=\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/06\/byday-blog.png?resize=300%2C178&amp;ssl=1 300w, https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/06\/byday-blog.png?w=814&amp;ssl=1 814w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/center><\/p>\n<p>The down days are when the honeypot was, well, <i>down<\/i>. I am curious as to what caused the surge on the 31<sup>st<\/sup> &amp; the 3<sup>rd<\/sup>? I believe that actually maps to Fri\/Mon if the source is China\/Russia.<\/p>\n<p>In the coming days\/weeks, I&#8217;ll break down some analytics by IP address and focus a bit more on the passwords themselves.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>For this post (and probably a few subsequent ones), I&#8217;m taking the role of &#8216;Pinky&#8217; to @jayjacobs&#8217; &#8216;Brain&#8217; as I share some of my own analysis on the ssh honeypot passwords that Jay collected (you&#8217;ll need to read his VZB post before continuing). There are tons of angles for analysis and I&#8217;ve been all over [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":true,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":3,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"","footnotes":""},"categories":[3],"tags":[665],"class_list":["post-1412","post","type-post","status-publish","format-standard","hentry","category-information-security","tag-honeypot"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Honeypot 
Analytics - rud.is<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/rud.is\/b\/2012\/06\/28\/honeypot-analytics\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Honeypot Analytics - rud.is\" \/>\n<meta property=\"og:description\" content=\"For this post (and probably a few subsequent ones), I&#8217;m taking the role of &#8216;Pinky&#8221; to @jayjacobs&#8217; &#8216;Brain&#8217; as I share some of my own analysis on the ssh honeypot passwords that Jay collected (you&#8217;ll need to read his VZB post before continuing). There are tons of angles for analysis and I&#8217;ve been all over [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/rud.is\/b\/2012\/06\/28\/honeypot-analytics\/\" \/>\n<meta property=\"og:site_name\" content=\"rud.is\" \/>\n<meta property=\"article:published_time\" content=\"2012-06-28T19:02:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2018-03-10T12:53:38+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/rud.is\/b\/wp-content\/uploads\/2012\/06\/passhist-blog.png\" \/>\n<meta name=\"author\" content=\"hrbrmstr\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"hrbrmstr\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/rud.is\/b\/2012\/06\/28\/honeypot-analytics\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/rud.is\/b\/2012\/06\/28\/honeypot-analytics\/\"},\"author\":{\"name\":\"hrbrmstr\",\"@id\":\"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886\"},\"headline\":\"Honeypot Analytics\",\"datePublished\":\"2012-06-28T19:02:13+00:00\",\"dateModified\":\"2018-03-10T12:53:38+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/rud.is\/b\/2012\/06\/28\/honeypot-analytics\/\"},\"wordCount\":296,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886\"},\"image\":{\"@id\":\"https:\/\/rud.is\/b\/2012\/06\/28\/honeypot-analytics\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/rud.is\/b\/wp-content\/uploads\/2012\/06\/passhist-blog.png\",\"keywords\":[\"honeypot\"],\"articleSection\":[\"Information Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/rud.is\/b\/2012\/06\/28\/honeypot-analytics\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/rud.is\/b\/2012\/06\/28\/honeypot-analytics\/\",\"url\":\"https:\/\/rud.is\/b\/2012\/06\/28\/honeypot-analytics\/\",\"name\":\"Honeypot Analytics - 
rud.is\",\"isPartOf\":{\"@id\":\"https:\/\/rud.is\/b\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/rud.is\/b\/2012\/06\/28\/honeypot-analytics\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/rud.is\/b\/2012\/06\/28\/honeypot-analytics\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/rud.is\/b\/wp-content\/uploads\/2012\/06\/passhist-blog.png\",\"datePublished\":\"2012-06-28T19:02:13+00:00\",\"dateModified\":\"2018-03-10T12:53:38+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/rud.is\/b\/2012\/06\/28\/honeypot-analytics\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/rud.is\/b\/2012\/06\/28\/honeypot-analytics\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/rud.is\/b\/2012\/06\/28\/honeypot-analytics\/#primaryimage\",\"url\":\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/06\/passhist-blog.png?fit=500%2C390&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/06\/passhist-blog.png?fit=500%2C390&ssl=1\",\"width\":\"500\",\"height\":\"390\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/rud.is\/b\/2012\/06\/28\/honeypot-analytics\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/rud.is\/b\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Honeypot Analytics\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/rud.is\/b\/#website\",\"url\":\"https:\/\/rud.is\/b\/\",\"name\":\"rud.is\",\"description\":\"&quot;In God we trust. 
All others must bring data&quot;\",\"publisher\":{\"@id\":\"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/rud.is\/b\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886\",\"name\":\"hrbrmstr\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1\",\"url\":\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1\",\"width\":460,\"height\":460,\"caption\":\"hrbrmstr\"},\"logo\":{\"@id\":\"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1\"},\"description\":\"Don't look at me\u2026I do what he does \u2014 just slower. #rstats avuncular \u2022 ?Resistance Fighter \u2022 Cook \u2022 Christian \u2022 [Master] Chef des Donn\u00e9es de S\u00e9curit\u00e9 @ @rapid7\",\"sameAs\":[\"http:\/\/rud.is\"],\"url\":\"https:\/\/rud.is\/b\/author\/hrbrmstr\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Honeypot Analytics - rud.is","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/rud.is\/b\/2012\/06\/28\/honeypot-analytics\/","og_locale":"en_US","og_type":"article","og_title":"Honeypot Analytics - rud.is","og_description":"For this post (and probably a few subsequent ones), I&#8217;m taking the role of &#8216;Pinky&#8221; to @jayjacobs&#8217; &#8216;Brain&#8217; as I share some of my own analysis on the ssh honeypot passwords that Jay collected (you&#8217;ll need to read his VZB post before continuing). There are tons of angles for analysis and I&#8217;ve been all over [&hellip;]","og_url":"https:\/\/rud.is\/b\/2012\/06\/28\/honeypot-analytics\/","og_site_name":"rud.is","article_published_time":"2012-06-28T19:02:13+00:00","article_modified_time":"2018-03-10T12:53:38+00:00","og_image":[{"url":"https:\/\/rud.is\/b\/wp-content\/uploads\/2012\/06\/passhist-blog.png","type":"","width":"","height":""}],"author":"hrbrmstr","twitter_card":"summary_large_image","twitter_misc":{"Written by":"hrbrmstr","Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/rud.is\/b\/2012\/06\/28\/honeypot-analytics\/#article","isPartOf":{"@id":"https:\/\/rud.is\/b\/2012\/06\/28\/honeypot-analytics\/"},"author":{"name":"hrbrmstr","@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"headline":"Honeypot Analytics","datePublished":"2012-06-28T19:02:13+00:00","dateModified":"2018-03-10T12:53:38+00:00","mainEntityOfPage":{"@id":"https:\/\/rud.is\/b\/2012\/06\/28\/honeypot-analytics\/"},"wordCount":296,"commentCount":0,"publisher":{"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"image":{"@id":"https:\/\/rud.is\/b\/2012\/06\/28\/honeypot-analytics\/#primaryimage"},"thumbnailUrl":"https:\/\/rud.is\/b\/wp-content\/uploads\/2012\/06\/passhist-blog.png","keywords":["honeypot"],"articleSection":["Information Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/rud.is\/b\/2012\/06\/28\/honeypot-analytics\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/rud.is\/b\/2012\/06\/28\/honeypot-analytics\/","url":"https:\/\/rud.is\/b\/2012\/06\/28\/honeypot-analytics\/","name":"Honeypot Analytics - 
rud.is","isPartOf":{"@id":"https:\/\/rud.is\/b\/#website"},"primaryImageOfPage":{"@id":"https:\/\/rud.is\/b\/2012\/06\/28\/honeypot-analytics\/#primaryimage"},"image":{"@id":"https:\/\/rud.is\/b\/2012\/06\/28\/honeypot-analytics\/#primaryimage"},"thumbnailUrl":"https:\/\/rud.is\/b\/wp-content\/uploads\/2012\/06\/passhist-blog.png","datePublished":"2012-06-28T19:02:13+00:00","dateModified":"2018-03-10T12:53:38+00:00","breadcrumb":{"@id":"https:\/\/rud.is\/b\/2012\/06\/28\/honeypot-analytics\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/rud.is\/b\/2012\/06\/28\/honeypot-analytics\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/rud.is\/b\/2012\/06\/28\/honeypot-analytics\/#primaryimage","url":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/06\/passhist-blog.png?fit=500%2C390&ssl=1","contentUrl":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2012\/06\/passhist-blog.png?fit=500%2C390&ssl=1","width":"500","height":"390"},{"@type":"BreadcrumbList","@id":"https:\/\/rud.is\/b\/2012\/06\/28\/honeypot-analytics\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/rud.is\/b\/"},{"@type":"ListItem","position":2,"name":"Honeypot Analytics"}]},{"@type":"WebSite","@id":"https:\/\/rud.is\/b\/#website","url":"https:\/\/rud.is\/b\/","name":"rud.is","description":"&quot;In God we trust. 
All others must bring data&quot;","publisher":{"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/rud.is\/b\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/rud.is\/b\/#\/schema\/person\/d7cb7487ab0527447f7fda5c423ff886","name":"hrbrmstr","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","url":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","contentUrl":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1","width":460,"height":460,"caption":"hrbrmstr"},"logo":{"@id":"https:\/\/i0.wp.com\/rud.is\/b\/wp-content\/uploads\/2023\/10\/ukr-shield.png?fit=460%2C460&ssl=1"},"description":"Don't look at me\u2026I do what he does \u2014 just slower. #rstats avuncular \u2022 ?Resistance Fighter \u2022 Cook \u2022 Christian \u2022 [Master] Chef des Donn\u00e9es de S\u00e9curit\u00e9 @ @rapid7","sameAs":["http:\/\/rud.is"],"url":"https:\/\/rud.is\/b\/author\/hrbrmstr\/"}]}},"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p23idr-mM","jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":1490,"url":"https:\/\/rud.is\/b\/2012\/07\/09\/honeypot-analytics-500-pretty-passwords\/","url_meta":{"origin":1412,"position":0},"title":"Honeypot Analytics : 500 Pretty Passwords","author":"hrbrmstr","date":"2012-07-09","format":false,"excerpt":"I had a few moments this past weekend to play with an idea for visualizing the passwords used against the honeypot @jayjacobs set up. 
While it's not as informative as Jay's weekend endeavors: https:\/\/twitter.com\/jayjacobs\/status\/221591674797826048 it is pretty, and it satisfied my need to make a word cloud out of useful\u2026","rel":"","context":"In &quot;Charts &amp; Graphs&quot;","block_context":{"text":"Charts &amp; Graphs","link":"https:\/\/rud.is\/b\/category\/charts-graphs\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1507,"url":"https:\/\/rud.is\/b\/2012\/07\/12\/ssh-password-time-series-heatmap-in-d3\/","url_meta":{"origin":1412,"position":1},"title":"SSH Password Time-series Heatmap In D3","author":"hrbrmstr","date":"2012-07-12","format":false,"excerpt":"In @jayjacobs' latest post on SSH honeypot passsword analysis he shows some spiffy visualizations from crunching the data with Tableau. While I've joked with him and called them \"robocharts\", the reality is that Tableau does let you work on visualizing the answers to questions quickly without having to go into\u2026","rel":"","context":"In &quot;Charts &amp; Graphs&quot;","block_context":{"text":"Charts &amp; Graphs","link":"https:\/\/rud.is\/b\/category\/charts-graphs\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6127,"url":"https:\/\/rud.is\/b\/2017\/07\/27\/reading-pcap-files-with-apache-drill-and-the-sergeant-r-package\/","url_meta":{"origin":1412,"position":2},"title":"Reading PCAP Files with Apache Drill and the sergeant R Package","author":"hrbrmstr","date":"2017-07-27","format":false,"excerpt":"It's no secret that I'm a fan of Apache Drill. 
One big strength of the platform is that it normalizes the access to diverse data sources down to ANSI SQL calls, which means that I can pull data from parquet, Hie, HBase, Kudu, CSV, JSON, MongoDB and MariaDB with the\u2026","rel":"","context":"In &quot;Apache Drill&quot;","block_context":{"text":"Apache Drill","link":"https:\/\/rud.is\/b\/category\/apache-drill\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2590,"url":"https:\/\/rud.is\/b\/2013\/08\/21\/zeroaccess-bots-desperately-seeking-freedom-visualization\/","url_meta":{"origin":1412,"position":3},"title":"ZeroAccess Bots Desperately Seeking Freedom (Visualization)","author":"hrbrmstr","date":"2013-08-21","format":false,"excerpt":"I've been doing a bit of graphing (with real, non-honeypot network data) as part of the research for the book I'm writing with @jayjacobs and thought one of the images was worth sharing (especially since it may not make it into the book :-). Click image for larger view This\u2026","rel":"","context":"In &quot;Data Visualization&quot;","block_context":{"text":"Data Visualization","link":"https:\/\/rud.is\/b\/category\/data-visualization\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2896,"url":"https:\/\/rud.is\/b\/2014\/02\/09\/data-driven-security-roundup-betapert-shiny-honeypots-passwords-reproducible-research\/","url_meta":{"origin":1412,"position":4},"title":"Data Driven Security Roundup: betaPERT, Shiny, Honeypots, Passwords &#038; Reproducible Research","author":"hrbrmstr","date":"2014-02-09","format":false,"excerpt":"Jay Jacobs (@jayjacobs)\u2014my co-author of the soon-to-be-released book [Data-Driven Security](http:\/\/amzn.to\/ddsec)\u2014& I have been hard at work over at the book's [sister-blog](http:\/\/dds.ec\/blog) cranking out code to help security domain experts delve into the dark art of data science. 
We've covered quite a bit of ground since January 1st, but I'm using\u2026","rel":"","context":"In &quot;Data Analysis&quot;","block_context":{"text":"Data Analysis","link":"https:\/\/rud.is\/b\/category\/data-analysis-2\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":13137,"url":"https:\/\/rud.is\/b\/2021\/07\/25\/acoustic-solving-a-cyberdefenders-pcap-sip-rtp-challenge-with-r-zeek-tshark-friends\/","url_meta":{"origin":1412,"position":5},"title":"Acoustic: Solving a CyberDefenders PCAP SIP\/RTP Challenge with R, Zeek, tshark (&#038; friends)","author":"hrbrmstr","date":"2021-07-25","format":false,"excerpt":"Hot on the heels of the previous CyberDefenders Challenge Solution comes this noisy installment which solves their Acoustic challenge. You can find the source Rmd on GitHub, but I'm also testing the limits of WP's markdown rendering and putting it in-stream as well. No longer book expository this time since\u2026","rel":"","context":"In &quot;Cybersecurity&quot;","block_context":{"text":"Cybersecurity","link":"https:\/\/rud.is\/b\/category\/cybersecurity\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts\/1412","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/comments?post=1412"}],"version-history":[{"count":0,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/posts\/1412\/revisions"}],"wp:attachment":[{"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/media?parent=1412"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/categories?post=1412"},{"taxonomy":"post_tag","embeddable":true,"href":
"https:\/\/rud.is\/b\/wp-json\/wp\/v2\/tags?post=1412"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}