Exploring the Intricacies of Online Security: My Adventures with Honeypots and SIEM

hackysterio
4 min read · May 18, 2023

Have you ever wondered how hackers try to gain access to computers and devices connected to the internet? It’s a wild and sometimes scary world out there, filled with scanners, bots, and nefarious individuals trying to exploit WEAK SECURITY CONFIGURATIONS. Recently, I decided to turn the tables on these bad guys and set up my own trap using a fascinating concept called a “honeypot,” coupled with the power of Security Information and Event Management (SIEM). In this article, I’ll take you on a thrilling journey through my experiment, where I pretended to be a vulnerable target, collected valuable information about cybercriminals, and harnessed the capabilities of SIEM. So buckle up, because we’re about to delve into the exciting world of online security!

The Honeypot: A Tempting Trap

To understand what I did, let’s start with the basics. A honeypot is like a digital decoy, an attractive bait that lures hackers into a controlled environment. Just like bees are drawn to sweet nectar, hackers are enticed by poorly secured machines and devices connected to the internet. By creating a honeypot, I set the stage for an intriguing encounter between the hackers and me, the one running the show.

Meet “Sabinus”: My Crafty Creation

To make my honeypot enticing, I created a virtual machine called “sabinus” and uploaded it to the cloud. I intentionally configured the security settings to be weak, making it an irresistible target for hackers. However, there was a twist — they wouldn’t be able to guess the login credentials, which gave me the upper hand.

Setting up the honeypot
Logging into the Virtual Machine using Remote Desktop Connection

Reversing Roles: Becoming the “Bad Guy”

Usually, hackers are the ones trying to infiltrate systems, but this time, I decided to walk on the dark side and play the role of a bad guy. My goal was to gather valuable information about these hackers and understand their methods. By tricking them into thinking they found an easy target in “sabinus,” I was able to learn more about their tactics and strategies.

The Power of SIEM: Analyzing and Responding to Events

To enhance the effectiveness of my honeypot experiment, I employed the use of Security Information and Event Management (SIEM). SIEM solutions provide real-time analysis of security alerts and events generated by systems, applications, and network devices. With SIEM, I could monitor and analyze the login attempts, track the hackers’ activities, and gain deeper insights into their techniques.

The Bait Works: Hooking the Hackers

To test the effectiveness of my honeypot and SIEM combination, I even tried fooling myself by attempting to log in using “shabinus” instead of “sabinus.” Sure enough, the honeypot captured my login attempt, revealing just how well it was set up to gather information. Armed with this knowledge, I was ready for the real hackers to take the bait.

shabinus login attempt
Information it gathered about shabinus

The Intruders: Unwanted Guests from Across the Globe

It didn’t take long for the hackers to fall into my trap. Within moments of setting up my honeypot, I noticed login attempts coming in from all over the world. Some even originated from places as far away as China! I documented this cyber warfare on a map, creating a visual representation of the sheer volume of login attempts. In just eight hours, there were over 5,000 different attempts from almost every corner of the globe. This eye-opening experience highlighted just how rampant hacking attempts are on the internet.

5 minutes after setting up
8 hours after setting up
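The post describes the SIEM side only in outline: it collected the failed login attempts against "sabinus", tied each source address to a location and plotted the totals on a map. As an added example (not code from the original post, and not the SIEM product the author used), the Python below does that aggregation over a handful of constructed log lines written in a simplified Windows Security-log style. The line format, the IP addresses (all from the documentation ranges), the usernames and the `GEO_LOOKUP` table are assumptions made for the example; the only real identifiers are Windows Event ID 4625 ("An account failed to log on"), 4624 (successful logon) and LogonType 10 (RemoteInteractive, i.e. RDP), which is how a SIEM would isolate the Remote Desktop brute-force traffic from everything else.

```python
"""Added example (not from the original post): aggregating failed RDP logon
events the way a SIEM would, producing the per-source and per-country counts
behind a world map plus a simple brute-force threshold alert."""
from collections import Counter, defaultdict
import re

# Constructed sample lines in a simplified Windows Security log style.
# EventID 4625 / 4624 and LogonType 10 are real Windows values; the
# timestamps, usernames and IPs (documentation ranges) are made up.
SAMPLE_EVENTS = """\
2023-05-18T10:01:02Z EventID=4625 TargetUserName=administrator IpAddress=203.0.113.7 LogonType=10
2023-05-18T10:01:03Z EventID=4625 TargetUserName=admin IpAddress=203.0.113.7 LogonType=10
2023-05-18T10:01:05Z EventID=4625 TargetUserName=shabinus IpAddress=198.51.100.22 LogonType=10
2023-05-18T10:01:06Z EventID=4624 TargetUserName=sabinus IpAddress=198.51.100.22 LogonType=10
2023-05-18T10:01:09Z EventID=4625 TargetUserName=root IpAddress=192.0.2.55 LogonType=10
2023-05-18T10:01:10Z EventID=4625 TargetUserName=administrator IpAddress=192.0.2.55 LogonType=10
2023-05-18T10:01:11Z EventID=4625 TargetUserName=admin IpAddress=192.0.2.55 LogonType=10
2023-05-18T10:01:12Z EventID=4625 TargetUserName=user IpAddress=192.0.2.55 LogonType=10
"""

# Constructed stand-in for a GeoIP lookup (a real SIEM queries a geolocation
# database or service). Country labels and coordinates here are arbitrary.
GEO_LOOKUP = {
    "203.0.113.7": ("China", 35.86, 104.19),
    "198.51.100.22": ("Nigeria", 9.08, 8.68),
    "192.0.2.55": ("Germany", 51.17, 10.45),
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) TargetUserName=(?P<user>\S+) "
    r"IpAddress=(?P<ip>\S+) LogonType=(?P<ltype>\d+)$"
)


def parse_events(text):
    """Parse log lines into dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["eid"] = int(d["eid"])
            d["ltype"] = int(d["ltype"])
            events.append(d)
    return events


def failed_logons(events):
    """Keep only failed logons (4625) arriving over RDP (LogonType 10)."""
    return [e for e in events if e["eid"] == 4625 and e["ltype"] == 10]


def attempts_by_ip(events):
    """Failed RDP logon count per source address."""
    return Counter(e["ip"] for e in failed_logons(events))


def attempts_by_country(events, geo=GEO_LOOKUP):
    """Roll the per-IP counts up to countries; unmapped IPs become 'Unknown'."""
    by_country = Counter()
    for ip, n in attempts_by_ip(events).items():
        by_country[geo.get(ip, ("Unknown", None, None))[0]] += n
    return by_country


def usernames_tried(events):
    """Which account names each source guessed (shows the attacker's wordlist)."""
    names = defaultdict(set)
    for e in failed_logons(events):
        names[e["ip"]].add(e["user"])
    return {ip: sorted(u) for ip, u in names.items()}


def brute_force_sources(events, threshold=3):
    """Sources at or above the threshold of failed RDP logons (alert candidates)."""
    return sorted(ip for ip, n in attempts_by_ip(events).items() if n >= threshold)


def map_points(events, geo=GEO_LOOKUP):
    """Rows for a map layer: (lat, lon, country, count), largest first."""
    rows = []
    for ip, n in attempts_by_ip(events).items():
        if ip in geo:
            country, lat, lon = geo[ip]
            rows.append((lat, lon, country, n))
    return sorted(rows, key=lambda r: -r[3])


if __name__ == "__main__":
    ev = parse_events(SAMPLE_EVENTS)
    print("failed RDP logons by country:", dict(attempts_by_country(ev)))
    print("usernames tried per source:", usernames_tried(ev))
    print("sources over threshold:", brute_force_sources(ev))
    print("map rows:", map_points(ev))
```

Note that the one successful logon (4624) is excluded before counting, so the map reflects only failed attempts; in a real deployment the threshold in `brute_force_sources` would be tuned against a time window rather than the whole log, and a successful 4624 from an address that previously triggered the alert is the event worth escalating.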

Beyond Mere Intrusion: The Cryptocurrency Conundrum

One might wonder why hackers invest so much effort into infiltrating systems. Well, one reason is that they can use compromised machines to mine cryptocurrencies like Bitcoin or Ethereum. By doing so, they slow down the machine’s performance and increase energy consumption, which can eat up cloud subscriptions and cause all sorts of trouble for the unsuspecting victims.

Conclusion

Exploring the world of online security through the lens of a honeypot, coupled with the power of SIEM, was an eye-opening adventure. By setting up “sabinus” and carefully observing the login attempts, I gained valuable insights into the techniques employed by hackers worldwide. This experience highlighted the importance of robust security configurations, the need for vigilance, and the power of SIEM in analyzing and responding to security events. Together, these tools can help us stay one step ahead of cybercriminals in our ever-connected digital landscape.
