Secure Honey

SSH honeypot written in C

Resources

Analysis reveals popular Adobe passwords [link]
"123456" was the most popular password among the millions of Adobe users whose details were stolen during an attack on the company. About 1.9 million people used the sequence, according to analysis of data lost in the leak.

BackTrack 5 Wireless Penetration Testing Beginner's Guide, Vivek Ramachandran
Wireless has become ubiquitous in today's world. The mobility and flexibility provided by it makes our lives more comfortable and productive. But this comes at a cost – Wireless technologies are inherently insecure and can be easily broken. BackTrack is a penetration testing and security auditing distribution that comes with a myriad of wireless networking tools used to simulate network attacks and detect security loopholes. Backtrack 5 Wireless Penetration Testing Beginner's Guide will take you through the journey of becoming a Wireless hacker. You will learn various wireless testing methodologies taught using live examples, which you will implement throughout this book. The engaging practical sessions very gradually grow in complexity giving you enough time to ramp up before you get to advanced wireless attacks.

Free as in Freedom: Richard Stallman's Crusade for Free Software, Sam Williams
Free as in Freedom interweaves biographical snapshots of GNU project founder Richard Stallman with the political, social and economic history of the free software movement. Starting with how it all began--a desire for software code from Xerox to make the printing more efficient--to the continuing quest for free software that exists today. It is a movement that Stallman has at turns defined, directed and manipulated. Like Alan Greenspan in the financial sector, Stallman has assumed the role of tribal elder in a community that bills itself as anarchic and immune to central authority.

Ghost In The Wires: My Adventures as the World's Most Wanted Hacker, Kevin Mitnick
Kevin Mitnick, the world's most wanted computer hacker, managed to hack into some of the country's most powerful - and seemingly impenetrable - agencies and companies. By conning employees into giving him private information and manoeuvring through layers of security, he gained access to data that no one else could. The suspenseful heart of the book unfolds as Mitnick disappears on a three-year run from the FBI. He creates fake identities, finds jobs at a law firm and hospital, and keeps tabs on his myriad pursuers - all while continuing to hack into computer systems and phone company switches that were considered flawless. A modern, technology-driven adventure story, GHOST IN THE WIRES is a dramatic account of the joy of outsmarting security programs, the satisfaction of code-cracking, and the thrill of unbelievable escape.

Hackers: Heroes of the Computer Revolution - 25th Anniversary Edition, Steven Levy
This 25th anniversary edition of Steven Levy's classic book traces the exploits of the computer revolution's original hackers -- those brilliant and eccentric nerds from the late 1950s through the early '80s who took risks, bent the rules, and pushed the world in a radical new direction. With updated material from noteworthy hackers such as Bill Gates, Mark Zuckerberg, Richard Stallman, and Steve Wozniak, Hackers is a fascinating story that begins in early computer research labs and leads to the first home computers. Levy profiles the imaginative brainiacs who found clever and unorthodox solutions to computer engineering problems. They had a shared sense of values, known as "the hacker ethic," that still thrives today. Hackers captures a seminal period in recent history when underground activities blazed a trail for today's digital world, from MIT students finagling access to clunky computer-card machines to the DIY culture that spawned the Altair and the Apple II.

Hacking Exposed: Network Security Secrets & Solutions, Stuart Mcclure, Joel Scambray, George Kurtz
Bolster your system's security and defeat the tools and tactics of cyber-criminals with expert advice and defence strategies from the world-renowned Hacking Exposed team. Case studies expose the hacker's latest devious methods and illustrate field-tested remedies. Find out how to block infrastructure hacks, minimize advanced persistent threats, neutralize malicious code, secure web and database applications, and fortify UNIX networks. Hacking Exposed 7: Network Security Secrets & Solutions contains all-new visual maps and a comprehensive "countermeasures cookbook."

Hacking: The Art of Exploitation, Jon Erickson
While other books merely show how to run existing exploits, Hacking: The Art of Exploitation broke ground as the first book to explain how hacking and software exploits work and how readers could develop and implement their own. In the second edition, author Jon Erickson again uses practical examples to illustrate the most common computer security issues in three related fields: programming, networking and cryptography. Jon Erickson has a formal education in computer science and has been hacking and programming since he was five years old. He speaks at computer security conferences and trains security teams around the world. Currently, he works as a vulnerability researcher and security specialist in Northern California.

History of ransomware [link]
A good definition of malware and a brief overview of the history of malware from 1989 to 2016

Honeypots in the Cloud [link]
A study using honeypots within various cloud computing platforms (such as Amazon EC2, Windows Azure etc.) with the objective of learning more about what kind of packets they receive

Malicious Software and its Underground Economy: Two Sides to Every Story, Lorenzo Cavallaro, University of London International Programmes [link]
Learn about traditional and mobile malware, the security threats they represent, state-of-the-art analysis and detection techniques, and the underground ecosystem that drives such a profitable but illegal business.

Measuring Password Guessability for an Entire University [link]
Despite considerable research on passwords, empirical studies of password strength have been limited by lack of access to plaintext passwords, small data sets, and password sets specifcally collected for a research study or from low-value accounts. Properties of passwords used for high-value accounts thus remain poorly understood. We fill this gap by studying the single-sign-on passwords used by over 25,000 faculty, staff, and students at a research university with a complex password policy

Metasploit: The Penetration Tester's Guide
The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors. Once you've built your foundation for penetration testing, you'll learn the Framework's conventions, interfaces, and module system as you launch simulated attacks. You'll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks.

Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning, Gordon Lyon, Fyodor
Nmap Network Scanning is the official guide to the Nmap Security Scanner, a free and open source utility used by millions of people for network discovery, administration, and security auditing. From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book suits all levels of security and networking professionals. A 42-page reference guide documents every Nmap feature and option, while the rest of the book demonstrates how to apply those features to quickly solve real-world tasks. Examples and diagrams show actual communication on the wire.

No honeypot? Don't bother calling yourself a security pro [link]
Article that introduces the term "honeypot" and compares popular honeypot technology.

One Man's Opinion Lost in the Wilderness of Mediocrity, Darren Popham [link]
Website run by Darren Popham, presents data collected from Kippo honeypot.

Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software, Michael Sikorski, Andrew Honig
Malware analysis is big business, and attacks can cost a company dearly. When malware breaches your defences, you need to act quickly to cure current infections and prevent future ones from occurring. For those who want to stay ahead of the latest malware, Practical Malware Analysis will teach you the tools and techniques used by professional analysts. With this book as your guide, you'll be able to safely analyse, debug, and disassemble any malicious software that comes your way.

Programming from the Ground Up, Jonathan Bartlett
If you ever wondered how computers really work under the hood, this book will tell you. It gets down and dirty with Linux and assembly language to show you just how your computer manages things on the low levels. This book is written with the novice in mind, but will be a benefit to anyone who is interested in learning either assembly language or how their computer really works. If you are already a programmer in another language, this book will help you see what is really happening when you program, and will make you a better programmer in whatever language you choose.

Social Engineering: The Art of Human Hacking, Paul Wilson, Christopher Hadnagy
The first book to reveal and dissect the technical aspect of many social engineering manoeuvres From elicitation, pretexting, influence and manipulation all aspects of social engineering are picked apart, discussed and explained by using real world examples, personal experience and the science behind them to unravelled the mystery in social engineering. Kevin Mitnick—one of the most famous social engineers in the world—popularized the term “social engineering.” He explained that it is much easier to trick someone into revealing a password for a system than to exert the effort of hacking into the system. Mitnick claims that this social engineering tactic was the single–most effective method in his arsenal. This indispensable book examines a variety of manoeuvres that are aimed at deceiving unsuspecting victims, while it also addresses ways to prevent social engineering threats.

SSH Brute Force – The 10 Year Old Attack That Still Persists [link]
Article on ssh brute force attacks over past 10 years + turning server into IRC bots

The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy, Patrick Engebretson
The Basics of Hacking and Penetration Testing serves as an introduction to the steps required to complete a penetration test or perform an ethical hack. You learn how to properly utilize and interpret the results of modern day hacking tools; which are required to complete a penetration test. Tool coverage will include, Backtrack Linux, Google, Whois, Nmap, Nessus, Metasploit, Netcat, Netbus, and more. A simple and clean explanation of how to utilize these tools will allow you to gain a solid understanding of each of the four phases and prepare them to take on more in-depth texts and topics. This book includes the use of a single example (pen test target) all the way through the book which allows you to clearly see how the tools and phases relate.

The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage, Cliff Stoll [link]
Clifford Stoll's first-person account of the hunt for a computer hacker who broke into a computer at the Lawrence Berkeley National Laboratory (LBL).

The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler, Chris Eagle
No source code? No problem. With IDA Pro, the interactive disassembler, you live in a source code-optional world. IDA can automatically analyze the millions of opcodes that make up an executable and present you with a disassembly. But at that point, your work is just beginning. With The IDA Pro Book, you'll learn how to turn that mountain of mnemonics into something you can actually use. Chris Eagle is a Senior Lecturer of Computer Science at the Naval Postgraduate School in Monterey, CA. He is the author of many IDA plug-ins, co-author of Gray Hat Hacking, and has spoken at numerous security conferences, including Black Hat, Defcon, ToorCon, and ShmooCon.

The keys to the keydom [link]
Interesting article on using Euclid’s algorithm to find the greatest common divisor in two products of large prime numbers

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws(Author), Dafydd Stuttard, Marcus Pinto
The highly successful security book returns with a new edition, completely updated Web applications are the front door to most organizations, exposing them to attacks that may disclose personal information, execute fraudulent transactions, or compromise ordinary users. This practical book has been completely updated and revised to discuss the latest step–by–step techniques for attacking and defending the range of ever–evolving web applications. You'll explore the various new technologies employed in web applications that have appeared since the first edition and review the new attack techniques that have been developed, particularly in relation to the client side.

Tracking down hi-tech crime [link]
If every hour a burglar turned up at your house and rattled the locks on the doors and windows to see if he could get in, you might consider moving to a safer neighbourhood. And while that may not be happening to your home, it probably is happening to any PC you connect to the net. An investigation by the BBC News website has established the scale of the dangers facing the average net user. Using a computer acting as a so-called "honeypot" the BBC has been regularly logging how many potential net-borne attacks hit the average Windows PC every day.

Trapping hackers in the honeypot [link]
In this second part of our investigation using the BBC honeypot we recount what happened when we let the machine get infected rather than just log attacks. It is rare that you would willingly let vandals and burglars into your home but a controlled environment like a honeypot computer lets you do the technological equivalent in relative safety. The idea of letting the PC get infected was to see exactly what nasty programs hit our machine and how easy it was to recover from infection.

Unauthorised Access: Physical Penetration Testing for IT Security Teams, Kevin Mitnick, Wil Allsopp
The first guide to planning and performing a physical penetration test on your computer's security. Most IT security teams concentrate on keeping networks and systems safe from attacks from the outside–but what if your attacker was on the inside? While nearly all IT teams perform a variety of network and application penetration testing procedures, an audit and test of the physical location has not been as prevalent. IT teams are now increasingly requesting physical penetration tests, but there is little available in terms of training. The goal of the test is to demonstrate any deficiencies in operating procedures concerning physical security. Featuring a Foreword written by world–renowned hacker Kevin D. Mitnick and lead author of The Art of Intrusion and The Art of Deception , this book is the first guide to planning and performing a physical penetration test.

Violent Python, TJ O'Connor
"Violent Python" shows you how to move from a theoretical understanding of offensive computing concepts to a practical implementation. Instead of relying on another attacker's tools, this book will teach you to forge your own weapons using the Python programming language. This book demonstrates how to write Python scripts to automate large-scale network attacks, extract metadata, and investigate forensic artefacts. It also shows how to write code to intercept and analyse network traffic using Python, craft and spoof wireless frames to attack wireless and Bluetooth devices, and how to data-mine popular social media websites and evade modern anti-virus.

Live Stats (see full stats)

Attempted logins

date range # attempts
today393
yesterday194
past 7 days4,426
past 30 days17,357
all time4,114,040

Top 5 passwords

password # attempts
12345618,562
admin8,503
password6,536
-6,393
root4,833

Top 5 usernames

username # attempts
root3,927,129
admin78,772
test4,046
oracle3,356
nagios2,648

Stats represent data collected from SSH login attempts on multiple honeypots. Parts of some stats may be filtered to maintain anonymity.

Updated: Tue, 07 Jun 2016 16:33:48 +0000

Live Password Cloud

12qwaszx 963852741 1234%^ POIUYT 12344321 zxcvbn 111 zaqxsw 888888 111111 asdfghjkl a123456 windows qwer1234 q1w2e3 Passw0rd zxcv support 1111 server iloveyou welcome123 user !@ abcdef a cisco 123abc qwer qwerty123 q123456 manager 54321 alpine qq123456 huawei 11223344 password zaqxswcde qazwsx default 1 qwe123 test okokok 88888888 ubnt dragon 159753 147852369 12345678 passwd qwertyuiop 23456 power qwaszx huawei123 changeme123 123123123 5201314 Aa123456 qwe 1qazxsw2 nagios redhat zaqxswcdevfr q1w2e3r4 1234qwer 1qaz2wsx3edc monitor 12345 pass root1234 password123 123qweasd 000000 z1x2c3v4 qaz qazwsx123 f**kyou admin123!@# Pass123 121212 p@ssword 1a2s3d4f 1qaz2wsx Admin123456 woaini zaq1xsw2 linux adminadmin _ system 1qaz@WSX P@ssw0rd1 sapp a1b2c3d4 654321 qazwsxedc 1234 sqlpp qazxsw asdf sysadmin qqpp abc123 idc2008 123123 666666 123456 123qwe 987654321 admin123 admin@123 zhang 789789 11111111 idcidc qwerty123456 secret Huawei@123 !@#$%^ changeme 1q2w3e 147258369 superman 147258 admin1 mnbvcxz admin welcome 225588 !qaz1QAZ 123 p0o9i8u7 apple aaa !QAZ2wsx administrator zzzzzz oracle qwerty china 0000 rootpass 7890pp letmein abcd1234 1122334455 raspberry abc1234 a1s2d3f4 rootroot P@ssw0rd qwert public adminpp 1q2w3e4r5t root 1234567890 qweasd guest asdfgh test123 zxcvbnm caonima - !QAZ@WSX 112233 147147 123654 q1w2e3r4t5 1234567 1q2w3e4r password1 root123 123456789 12345qwert qweasdzxc 110110 159357