Secure Honey

SSH honeypot written in C

Thank You

Monday 8th September 2014 11:12

Dr. Bernhard Reus, Senior Lecturer, University of Sussex, presenting Simon with the Best Computer Science Final Year Project Award from the British Computer Society. Photograph by Morten Watkins.

Wow, what an amazing way to end the final year project: SecureHoney.net went viral, the project won an award (above) from the British Computer Society and I've been offered a scholarship to study a cyber security PhD.

It's been nearly three months since the last blog post in which we looked at the Android Simplocker Ransomware.

I decided it would be a good idea to take some time off over the summer so I'm ready and energised for the next adventure which starts later this month.

So what's been happening since the last blog post? Quite a lot as it turns out...

Secure Honey Goes Viral

The post in which we analysed Simplocker went semi-viral overnight.

Having only published the article on the 16th June, the next day I noticed a couple of technology news websites had picked up on the story (Softpedia: Simplocker May Have an Antidote, The Register: Student promises Java key to unlock Simplocker ransomware). These news articles highlighted the promise to release the antidote.

Two news websites counts as semi-viral, right?

Nothing like a gentle amount of pressure to release the next blog post! Luckily the antidote along with the follow-up blog post had been written the day before.

I felt quite anxious about publishing the antidote article and wanted to publish it first thing in the morning. I re-re-double, triple and quadruple checked the code - just to make sure there weren't any major mistakes. After all, the global techie community was waiting for an antidote to the latest Android malware.

The antidote Java code for Simplocker along with the follow-up blog post was published on the 17th June (see Creating An Antidote For Android Simplelocker Ransomware).

I presumed these two technology news websites would simply update their news stories and that would be the end of it.

However, the antidote went fairly viral, appearing on the following news websites:

The University of Sussex also picked up on the news item and produced a number of articles on the story:

Best Computer Science Final Year Project Award

In June I was on holiday in France with family taking some (very much appreciated) time away from technology. We were in a lovely little town in the south of France where mobile phone signal was intermittent at best. Perfect for switching off!

One morning, when checking emails on the smartphone during a rare clear signal spot, I was amazed to discover that this project had been awarded the Best Final Year Project Award from the British Computer Society.

So, having returned from France, in July 2014 I was incredibly happy (and couldn't stop smiling for quite some time) to be presented with the award for the Best Final Year Project for Computer Science at the University of Sussex Engineering and Informatics Award Ceremony.

Dr. Bernhard Reus, Senior Lecturer, University of Sussex, presented the award at the prize ceremony. Here he is explaining a little bit about the project, Secure Honey and the ransomware antidote to the audience:

For a list of all Informatics prize-winning projects at the University of Sussex, see the Prize-winning undergraduate projects page.

Information Security PhD

In March I applied to Royal Holloway's Centre for Doctoral Training in Cyber Security, which is funded by EPSRC. The four-year programme starts with a foundation in cyber security (equivalent to an MPhil) before specialising in the PhD element.

It's worth noting that from January I'd been applying to various jobs and graduate schemes at a number of different organisations. This is because I wanted to (at least try to) secure a job or postgraduate course way before graduation in July in an attempt to alleviate the pressure somewhat.

In May I attended an interview at Royal Holloway for their Cyber Security CDT programme and kept all my fingers and toes crossed in the hope that everything would go well.

I was genuinely thrilled and over the moon (and did wonder if they'd accidentally contacted the wrong person) when Royal Holloway offered me a place on their Centre for Doctoral Training in Cyber Security.

The CDT starts on the 22nd September and the plan is to continue this blog with updates on my progress at Royal Holloway.

I'm hugely excited about starting the CDT in a couple of weeks and have spent the summer creating some new habits (such as a new morning routine, fitness, meditation etc) and also studying some online courses.

One of the courses which has proved to be invaluable is Dr. Terrence Sejnowski and Dr. Barbara Oakley's Learning How to Learn: Powerful mental tools to help you master tough subjects, University of California, San Diego.

There is so much covered in this MOOC about how to improve learning. For example: exercise helps to create new neurons in the brain, therefore improving learning ability. So many of these new methods and techniques will be invaluable to my studies at Royal Holloway.

Dissertation & Graduation

The dissertation for the final year project has been written and was handed into the University of Sussex on the 12th May. The dissertation can be viewed here.

The dissertation's also available on the publications page of this website and the University of Sussex, Informatics Prize-winning undergraduate projects page.

I'm also very pleased to announce that I graduated from the University of Sussex in July with a First Class Degree with Honours in Computer Science. A fantastic conclusion to three wonderfully happy, fascinating and intellectually stimulating years at the university.

An Incredibly Big Thank You To Everyone

So I'd like to conclude this blog post by expressing my genuine gratitude to everyone that's helped this project along the way.

Thank you, Dr. Gareth Owen, University of Portsmouth. You contributed some valuable ideas to this project and shared your expertise on the more complex malware analysis.

Thank you, Dr. Lorenzo Cavallaro, Royal Holloway, University of London. Your Coursera course (Malicious Software and its Underground Economy: Two Sides to Every Story) provided this project with an excellent foundation into malware and different analysis techniques. Also, your knowledge and expertise helped steer the project in the right direction.

All the wonderful photographs on this blog post were taken by Morten Watkins at the prize ceremony in July. Thank you, Morten, for taking these photos and for allowing them to be displayed on Secure Honey. Your pictures bring this blog post to life and have captured a very happy memory.

I'd also like to thank all the lecturers in the Informatics department at the University of Sussex that have educated me and so many other students about the wonderful world of Computer Science. There are some seriously top-notch lecturers at the university and I highly recommend their Computer Science degree programme.

A very special thank you goes to my project supervisor: Dr. Martin Berger. You encouraged me to push myself and work harder than I ever thought possible. You're a conscientious supervisor and lecturer and a true inspiration.

Last, but by no means least, a big thank you goes to the readers of this blog. It's thanks to you reading, liking, tweeting, commenting and joining in the posts that this project has been a success - and went viral. So thank you, it means a lot to me.

Where will Secure Honey go from here?

All of these responses to the project have been very motivating. The project has received a lot of positive feedback from students and readers of this blog that are eager to learn malware analysis and understand more about cyber security.

The aim is to continue dissecting malicious files as I discover them. I'm also going to focus on other areas of cyber security that I believe are important in an attempt to spread the word and educate us about the vulnerabilities that exist out there in technology.

I'll also use this blog for its original purpose: to log my cyber security learning adventures and the discoveries we make along the way.

If there are any topics you'd like this blog to cover please do get in touch via Facebook, Twitter, or the contact page.

Stay tuned for the next blog post :)

From left to right: Jozef Maxted, Thomas Kober and Simon Bell with their project awards. All photography by Morten Watkins, University of Sussex.


Live Stats (see full stats)

Attempted logins

date range      # attempts
today           393
yesterday       194
past 7 days     4,426
past 30 days    17,357
all time        4,114,040

Top 5 passwords

password    # attempts
123456      18,562
admin       8,503
password    6,536
-           6,393
root        4,833

Top 5 usernames

username    # attempts
root        3,927,129
admin       78,772
test        4,046
oracle      3,356
nagios      2,648

Stats represent data collected from SSH login attempts on multiple honeypots. Parts of some stats may be filtered to maintain anonymity.

Updated: Tue, 07 Jun 2016 16:33:48 +0100
