September 20 - 22, 2017
BLOG
Category: Modern Honey Network
Cyber Threat Intelligence Modern Honey Network SIEM Splunk
Splunking The Modern Honey Network: Community Data (Part 4)
Over the last 3 weeks, I’ve looked at: ingesting Modern Honey Network data into Splunk, adding context to MHN data using threat feeds, and creating alerts using MHN data.In this post I am going to give you a brief insight into the data that was reported back from...
Read More
Cyber Threat Intelligence Modern Honey Network
MHN Radar: Databases Under Siege
Anomali’s Modern Honeypot Network (MHN for short) is a worldwide network of honeypot sensors that collects data on scans, probes and intrusions of various network ports and services. By looking at data collected by MHN we can piece together a picture of the current threat landscape for a...
Read More
Cyber Threat Intelligence Modern Honey Network SIEM Splunk
Splunking The Modern Honey Network: Honeypot Alert Automation (Part 3)
In my last post, I looked at enriching Modern Honey Network events against a threat feed, specifically Anomali Threatstream IOCs.The idea of enriching events helps filter out false positives — events that pose no real risk to a network. False positives can obviously — and do — waste many...
Read More
Cyber Threat Intelligence Modern Honey Network SIEM Splunk
Splunking The Modern Honey Network: Adding Context Using Threat Feeds (Part 2)
Last week, I showed how to ingest Modern Honey Network data into Splunk and visualise it with the MHN Splunk App.Hopefully you’ve been getting lots of additional value on-top of the Modern Honey Network web app. I’m sure you’re now ready to...
Read More
Cyber Threat Intelligence Modern Honey Network SIEM Splunk
Splunking The Modern Honey Network: Getting Value From Your Honeypots Data (Part 1)
Whilst The Modern Honey Network Server alone is powerful, exporting the data for further manipulation and analysis can be very useful. It is common to see security teams feeding MHN attack data directly into their SIEM for correlation against events generated from other security tools, like...
Read More
Building Raspberry Pi Honeypots On A Budget
It is no longer sufficient to run a singular security application and expect your network to be protected from threats. Zero-day exploits can catch your anti-malware software off guard, and anything encrypted can potentially be decrypted if an outsider wants the data badly enough. With all that is riding on...
Read More
Five Ways to Include MHN in Your Security Strategy
Honeypots are versatile tools to add to your cyber-security arsenal. Using a sandbox environment to entice hackers is a great research tool. Not only are you preserving your legitimate network from harm, visitors leave important clues about their identity and objectives.
The Modern Honey Net is growing in popularity as...
Read More
4 Ways to Get the Most Out of the Modern Honey Network
Setting up a honeypot is a well-known strategy for having a complete cyber-security system. The honeypot is a phony, low-stakes web environment you set up as a decoy. Hackers find the resource and by exploring it for vulnerability, leave clues about their identities and motivations. In addition to incriminating themselves,...
Read More
Turn the Tables on Cyber-Crime With The Modern Honey Network
If your network is hacked, you will have a multitude of reactions, including an urge to respond in kind. Technically hacking the hackers isn’t legal, but deceiving intruders is! Advanced persistent threats are targeted at those who have information of value to the hacker. Scrubbing away malware is...
Read More
The Accuracy Of The Honeypot Network
Discovering evidence that someone is probing your network for weaknesses before they successfully attack makes all the difference. You will learn a lot about your enemies and what they are seeking after your network has been infected or your data has been stolen, copied, or sabotaged. But there is no...
Read More
The Advantages Of A Modern Honeypot
Operations of every size and in every industry need consistent, reliable threat intelligence. The consequences of a virus attack or data breach are devastating. Some businesses never recover from the damage. Some studies report that as few as 6% of businesses who experience data loss are still in operation two years...
Read More
Who Can Benefit From A Raspberry Pi Honeypot
With all the different security options being introduced, how can you tell which solutions are right for you? Understanding the different types of threat intelligence tools is important, as is objectively assessing your own needs. Individuals and enterprises alike all need a system in place to detect and respond to...
Read More
The Importance of Forming a Modern Honeypot Network
There are many reasons why it is important for your enterprise to invest the time and resources into building and to manage a honeypot using the Modern Honey Network (MHN). Hosting data on a network is a great responsibility. Stolen data cannot be returned to its owners like a stolen...
Read More
How To Make Your Modern Honeypot An Enterprise Defense
The modern honeypot is a security tool developed using open-source framework. Honeypots are like interactive traps which are useful to study would-be attackers. Enterprises host a no-stakes entity such as a website that attracts threats including invasive bots and attackers. Criminals are trying to access proprietary data, client leads, personnel...
Read More
BSidesNYC2016 Recap
Last Month Jason Trost and I presented some of our “https://www.slideshare.net/slideshow/embed_code/key/3SSGk4Mr11wtDG”at the inaugural BSidesNYC.BSidesNYC was held at the home of the nation’s first computer forensics’ graduate program, John Jay College. In the current...
Read More
Cyber Threat Intelligence Modern Honey Network Research Threat Intelligence Platform
Juniper ScreenOS Backdoor Password Seen Used in the Wild
Starting on December 22nd sensors that are part of the Modern Honey Network (MHN) started detecting several systems using the recently reported Juniper ScreenOS backdoor password (<<< %s(un='%s') = %u as reported by Rapid7 here). This backdoor is identified as CVE-2015-7755. ...
Read More
Cyber Threat Intelligence Modern Honey Network
Leveraging Your Honeypots with the Right Tools
Can you deploy honeypots offensively?In 1999, Lance Spitzner, published How To Build A Honeypot and since then we’ve seen a wide-scale proliferation of honeypot usage. Why? Because it's one of the only effective and offensive countermeasures we can take against hackers.Some may disagree that honeypots are...
Read More
Cyber Threat Intelligence Modern Honey Network Threat Intelligence Platform
Applications of MHN and Honeypots in the Enterprise
Often times we are asked about various uses of Modern Honey Network (MHN) and deploying honeypots. In this post we will discuss several different use cases for how MHN and honeypot sensors can be used in the enterprise.Threat Intelligence CollectionMHN was originally designed for Threat Intelligence collection in...
Read More
Cyber Threat Intelligence Modern Honey Network SIEM Threat Intelligence Platform
Deploying, Managing, and Leveraging Honeypots in the Enterprise using Open Source Tools
A couple weeks ago, Nicholas Albright and myself from ThreatStream Labs offered a workshop at BSidesLV 2015 on Deploying, Managing, and Leveraging Honeypots in the Enterprise using Open Source Tools. This was a packed class and we ended up having more attendees than the maximum class size. This made teaching the...
Read More
Cyber Threat Intelligence Modern Honey Network SIEM
Monitoring Anonymizing Networks (TOR/I2P) for Threat Intelligence
Disclaimer: Due to the prevalence of illegal material, specifically illegal images, we highly recommend only experienced researchers who understand the risks perform research in this area. Regardless of the experience of the investigator, disabling image loading or downloading should be the first step to prevent accidental exposure to this...
Read More
