Это видео недоступно.
Сожалеем об этом.
Catching Hackers & Bots with an SSH Honeypot | 30 Day Experiment
HTML-код
- Опубликовано: 4 авг 2024
- Note: This video is for educational purposes only. I do not condone nor promote illegal activity.
I ran an open-source SSH honeypot to catch bots and hacking login attempts to collect usernames, passwords, and geographical information. Thank you to Linode for making this experiment possible. Sign up to get a $100 free credit (or 60 day trial): www.linode.com/gcollins
🔒 Interested in cybersecurity? Take a look at this quiz to find out if cybersecurity is right for you: www.cybercademy.org/quiz/
🔗 Resource Links mentioned:
PSHITT Honeypot GitHub: github.com/regit/pshitt
Lessons Learned from SSH Credential Honeypots: systemoverlord.com/2020/09/04...
⏰ Timestamps:
0:00 - Introduction
1:10 - Setting up the Honeypot
3:17 - Stopping the Honeypot
4:37 - Results and Statistics
❓ Interested in cybersecurity, but don't know where to start? Take a look at this newly released course which helps you get started in cybersecurity: www.cybercademy.org/course
🐕 Follow Me:
Twitter: / collinsinfosec
Instagram: / collinsinfo...
Cybercademy Discord Server: / discord
🤔 Have questions, concerns, comments?:
Email me: grant@cybercademy.org
🎧 Gear:
Laptop (Lenovo X1 Carbon Ultrabook 6th Gen): amzn.to/2O0UfAM
Monitors (Dell D Series 31.5” D3218HN): amzn.to/2EXlgRF
Keyboard (Velocifire VM01): amzn.to/2TEswfd
Headphones (Audio Technica ATH-M40x): amzn.to/2F4Tvq6
Standing Desk (FlexiSpot Height Adjustable 47 inch): amzn.to/3p3uSAa
More experiments please! Very interesting video!
Gotta love the content!
Time to add dee boo dah to the jack the ripper lol. Good vid! Never thought that attackers would target small "random" servers that much. I wonder how much traffic big corporations get.
#deeboodah Thank you!
Hey Grant! It's great to see you buddy. Hope you're well and thank you for the excellent content!
Thank you John!
Great video. Good reason to set your server to block log in from the internet and to only use key pairs.
smooth explanation , u got me at the end haha xD
I admire your work ethic
Need you to post videos more often like a day in the life
Interesting experiment. I did something similar from 16 January to 17 March. With Honeypots hosted in various countries via linode and personal servers at a few universities across the world. Its interesting to see what passwords you got in your top 10. I observed different results based on geographical location and whether the nodes were publicly hosted or hosted on university networks with a public IP
Very interesting experiment. Thank you for sharing your results!
@@collinsinfosec some of those weird passwords you see might be related to botnets. If you look at the TTY logs you will see the automated scripts try to change root passwords to some weird new passwords for future exploration.
The random password could be something translated, like how some standard passwords are translated from other languages. Because those requests probably came from China, and obviously have a different language system, they might have translated the characters to that password
Great experiment!
Cool idea!
Thanks for the video!
This is great. I'd love to see a honeypot where you let them in and see what they do.
Awesome work
can you do a video how you install & setup your honeypot ???
grate project
Please can u tell me what is the difference between ethical hacking and cybersecurity ?
can i have the ssh listening script?
what about loging all failed user names and passwords on a ssh port? knowing what passwords are being tryed. I can ban network user from using them.
Good insight - will keep this in mind for the future.
there is a dictionary of such passwords and it is a big dictionary
So, what is the reason of that "strange" password? The second one I mean
I haven't found out yet!
Bro, is it linode like virtualbox?
It is like VirtualBox - sort of. Except the machine is hosted out on another computer instead of your own.
@@collinsinfosec thanks bro
👌🏻
they can scan server and see that you have open 5323 :)
The 7 dislikes are the hackers who got busted
this was recorded the day after the US capitol insurrection? feels like that was years ago lmao
I know 😂
De Boo Da
How to catch a script kiddie 101
First comment 😁
Gracias coder_will en Instagram por tu buen trabajo, el impostor ha sido descubierto, ahora está en la cárcel mientras te escribo
Recomiendo coder_will en Instagram para piratear servicios en los que no ha fallado, independientemente de cuántas veces haya usado sus servicios. En términos de recuperación de cuentas y servicio de espionaje.
a video how can describles worse
I could imagine that random password is from crawlers such as shodan.io - using a random password on purpose to not accidentally break into someone’s server/device that hasn’t been secured properly - I reckon depending on where the devices are located, this could have some legal difficulties for the companies running such crawlers.
Nice video btw :thumbs_up: