SSH
Honeypot Diaries: SSH Authorized Keys
Analyzing threat actor activity and malware observed in geographically dispersed honeypots.
Honeypot Diaries: Masscan
A honeypot observations post documenting a threat actor attempting to install and use the masscan port scanner on a compromised host to scan for RDP and SSH targets, with SSH hardening mitigations.
Better Secure Shell (SSH)
This post covers hardening SSH workflows by generating ed25519 and RSA key pairs, deploying public keys, and configuring an SSH client config file with per-host identity files and strong cipher settings.
Honeypot Diaries: Dota Malware
A deep dive into detecting and analyzing the Dota malware campaign.
Ansible User Account Provisioning
This post shows an Ansible playbook for automating new Linux host provisioning by creating user accounts, configuring sudoers, and deploying SSH public keys across home lab and cloud systems.
Tracking SSH Brute-force Logins with Splunk
This post demonstrates using Splunk field extraction and search queries to track SSH brute-force login attempts, identifying the top attacking usernames and source IP addresses via dashboards.