Secure Honey

SSH honeypot written in C

Thank You

Monday 8th September 2014 11:12

Wow, what an amazing way to end the final year project: SecureHoney.net went viral, the project won an award (left) from the British Computer Society and I've been offered a scholarship to study a cyber security PhD.

It's been nearly three months since the last blog post in which we looked at the Android Simplocker Ransomware.

I decided it would be a good idea to take some time off over the summer so I'm ready and energised for the next adventure which starts later this month.

So what's been happening since the last blog post? Quite a lot as it turns out...

... read more

Creating An Antidote For Android Simplelocker Ransomware

Tuesday 17th June 2014 10:09

In yesterday's blog post (How To Dissect Android Simplelocker Ransomware) we dissected the new Android Simplelocker ransomware.

In this blog post we'll be creating an antidote for the ransomware to decrypt any files it encrypts.

The process of creating the antidote is actually very simple because the ransomware comes with a built-in decrypt method and cipher password. This means we're able to create our own Java class and copy the decryption code from the ransomware into our antidote class.

So let's jump right in and start creating our antidote for Simplelocker!

... read more

How To Dissect Android Simplelocker Ransomware

Monday 16th June 2014 11:56

In this blog post we'll be looking at a new type of malware for Android phones that encrypts important files and demands the user pay a ransom to regain access to their phone.

This is the first reported case of ransomware being used on smartphones so I'm keen to find out more about this new malicious app.

I want to understand what this ransomware does and how it restricts the phone user from accessing files on their SD card. I'll be providing a step-by-step dissection of the malware to provide a clear explanation of how this app carries out its malicious activities.

So before we start the dissection let's look at exactly what Simplelocker is and where it came from.

... read more

How To Dissect Android Flappy Bird Malware

Sunday 16th March 2014 16:34

Coming up in this blog post: dissecting malicious version of Flappy Bird reveals premium rate SMS message sent without user being aware.

I'm at a point with the project where I'm diverging away from the honeypot for a moment to look at other sources of malware.

I'm keen to see how Android malware is put together and how to reverse engineer it to see what's going on under the hood.

So in this blog post I'll be focusing on how to dissect one of the malicious versions of Flappy Bird.

Flappy Bird

First, a brief introduction and background on what Flappy Bird is.

Flappy bird is a game created by Vietnamese developer Dong Nguyen and published by indie game producer .GEARS Studios.

Dong Nguyen released the game on 24th May 2013 and it suddenly became popular in early 2014. It's reported that the game was earning $50,000 per day from adverts which were displayed within the game.

Creator Dong removed the game from Apple and Google on the 10th February 2014 after feeling guilty because the game was too addictive.

Having been removed from both both Apple's App Store and Google Play, various malicious versions of the app started to appear online to fill the gap.

So it's one of these malicious version of Flappy Bird that I'll be dissecting in this blog post.

... read more

Trojan Horse Uploaded Part 2: Malware Analysis

Thursday 6th February 2014 11:23

Coming up in this blog post: trojan horse receives commands from a Chinese C&C server and sends DDoS attacks to a Malaysian online casino website.

I'll be analysing the malware to determine what it does and also update you on the rest of the project as it's been a while since my last blog post.

My last post was back on the 14th December 2013 and since then I've been buried in revision for exams in January, along with post-graduate applications and graduate scheme applications.

This means there's not been a huge amount of progress on the project, but I'm aiming to get straight back into focusing on it now. I'm also eager to share some insights into the "disknyp" malware which came to light back in December.

... read more

Live Stats (see full stats)

Attempted logins

date range # attempts
today393
yesterday194
past 7 days4,426
past 30 days17,357
all time4,114,040

Top 5 passwords

password # attempts
12345618,562
admin8,503
password6,536
-6,393
root4,833

Top 5 usernames

username # attempts
root3,927,129
admin78,772
test4,046
oracle3,356
nagios2,648

Stats represent data collected from SSH login attempts on multiple honeypots. Parts of some stats may be filtered to maintain anonymity.

Updated: Tue, 07 Jun 2016 16:33:48 +0100

Live Password Cloud

12qwaszx 963852741 1234%^ POIUYT 12344321 zxcvbn 111 zaqxsw 888888 111111 asdfghjkl a123456 windows qwer1234 q1w2e3 Passw0rd zxcv support 1111 server iloveyou welcome123 user !@ abcdef a cisco 123abc qwer qwerty123 q123456 manager 54321 alpine qq123456 huawei 11223344 password zaqxswcde qazwsx default 1 qwe123 test okokok 88888888 ubnt dragon 159753 147852369 12345678 passwd qwertyuiop 23456 power qwaszx huawei123 changeme123 123123123 5201314 Aa123456 qwe 1qazxsw2 nagios redhat zaqxswcdevfr q1w2e3r4 1234qwer 1qaz2wsx3edc monitor 12345 pass root1234 password123 123qweasd 000000 z1x2c3v4 qaz qazwsx123 f**kyou admin123!@# Pass123 121212 p@ssword 1a2s3d4f 1qaz2wsx Admin123456 woaini zaq1xsw2 linux adminadmin _ system 1qaz@WSX P@ssw0rd1 sapp a1b2c3d4 654321 qazwsxedc 1234 sqlpp qazxsw asdf sysadmin qqpp abc123 idc2008 123123 666666 123456 123qwe 987654321 admin123 admin@123 zhang 789789 11111111 idcidc qwerty123456 secret Huawei@123 !@#$%^ changeme 1q2w3e 147258369 superman 147258 admin1 mnbvcxz admin welcome 225588 !qaz1QAZ 123 p0o9i8u7 apple aaa !QAZ2wsx administrator zzzzzz oracle qwerty china 0000 rootpass 7890pp letmein abcd1234 1122334455 raspberry abc1234 a1s2d3f4 rootroot P@ssw0rd qwert public adminpp 1q2w3e4r5t root 1234567890 qweasd guest asdfgh test123 zxcvbnm caonima - !QAZ@WSX 112233 147147 123654 q1w2e3r4t5 1234567 1q2w3e4r password1 root123 123456789 12345qwert qweasdzxc 110110 159357