Why?

As many of us in IT, I am exposed to a lot of security presentations where I am told how many thousands cyberattacks there are every day.

I could be cynical and just dismiss those numbers, but what if I were wrong?

The risk is too high, especially given how easy is to verify those.

There are even better reasons why you should consider a honeypot:

• Move one step forward on the kill chain by acting on the reconnaissance stage: You can detect if your network is being a target of a scan and so predict if an attack is…

Detailed instructions on how to deploy the Cowrie honeypot monitored by Splunk.

If you want to observe live and real threat intelligence the best way is probably by deploying a Honeypot.

Here are some step by step instructions that are fully working at the time of writing this article and that should have you gathering data in 30 minutes.

Disclaimer: As of May 2019 there are already many tools out there automating all this process (the Modern Honey Network is a famous one), however most of those tools’ development has been abandoned and the scripts that automate all the process…

See how I played red team/blue team on this simple network security experiment.

Many tutorials out there explain how to perform DNS tunneling but most of them feel like just a compilation of the commands needed to execute it, with almost no explanation on the networking background.

What’s even worse: No one seems to discuss how to prevent DNS tunneling from happening in your network.

1. What is it and why would someone use it:

DNS tunneling is a method used to send data over the DNS protocol, a protocol which has never been intended for data transfer. …