Søjde, høe lich hæ

Rikke Thomsen


Have been listening to a new artist that a good colleague recommended.

Her name is Rikke Thomsen, and she is a fantastic blend of Alberte's sweetness and Allan Olsen's quirky regional tales, just moved a couple of hundred kilometres south to Synnejyllan'.

Listen, for example, to "Ballebrovej 2"




SpiderFoot on your own server

"What is SpiderFoot?

SpiderFoot is a reconnaissance tool that automatically queries over 100 public data sources (OSINT) to gather intelligence on IP addresses, domain names, e-mail addresses, names and more. You simply specify the target you want to investigate, pick which modules to enable and then SpiderFoot will collect data to build up an understanding of all the entities and how they relate to each other."




If you - like me - sometimes want to run this yourself, I added yet another bash script to do just that.

It's available on Github: https://github.com/martinboller/spiderfoot-build


Dradis Community Edition install on Debian 11

 Dradis Community Edition

To be able to quickly spin up a Dradis server and collaborate on a pentest, an automated installation is preferable.




Whether you prefer your own data center or the cloud, here's [1] a little bash ugliness to do just that on Debian 11 (Bullseye). There are also files to test it using Vagrant and VirtualBox. Just remember that it leaves some nastiness in the form of default credentials.


[1] Dradis CE install on Github: https://github.com/martinboller/dradisce-build.git

[2] Dradis Community Edition on Github: https://github.com/dradis/dradis-ce



OpenSSH on Windows 10

PuTTY on the shelf


I prefer using the same toolset across platforms, and as Windows 10 has included OpenSSH for a while, why not put PuTTY on the shelf?

Decommissioning PuTTY will also provide you with the ability to do so much more from the command line, and reuse your scripts from your favorite distro.

It's 3 simple steps (4 if you convert your PuTTY key).

1. Install the OpenSSH Client features

Add-WindowsCapability -Online -Name OpenSSH.Client*

Or from the GUI

  1. Click Start, then choose Settings
  2. Choose Apps from Windows Settings
  3. Click “Manage optional features”
  4. Click “Add a feature”
  5. Choose “OpenSSH Client” and click Install

2. Configure the SSH agent service to start automatically

Get-Service -Name ssh-agent | Set-Service -StartupType Automatic

As the service hasn't really been given the chance to auto-start, go ahead and start it

Start-Service ssh-agent

3. Add the required key(s)

ssh-add C:\Users\<username>\.ssh\keyname

Example: ssh-add C:\Users\Martin\.ssh\id_ed25519

Optional (if you only have a PuTTY private key)

Use PuTTYgen to show the actual key, then export it (force new file format).

That's all there is to it.
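The three steps above as one idempotent script with verification at the end. This is an added example, not part of the original post; it assumes an elevated PowerShell prompt (steps 1 and 2 need administrator rights) and a key at the hypothetical default path in `$KeyPath`.

```powershell
# Added example: steps 1-3 from the post, safe to re-run, with checks.
param(
    # Assumption: location of your private key; change to match your own file.
    [string]$KeyPath = "$env:USERPROFILE\.ssh\id_ed25519"
)
$ErrorActionPreference = 'Stop'

# Step 1: install the OpenSSH client only if it is not already present.
$cap = Get-WindowsCapability -Online -Name 'OpenSSH.Client*'
if ($cap.State -ne 'Installed') {
    Add-WindowsCapability -Online -Name $cap.Name | Out-Null
}

# Step 2: set ssh-agent to start automatically, and start it now if stopped.
$svc = Get-Service -Name ssh-agent
if ($svc.StartType -ne 'Automatic') { $svc | Set-Service -StartupType Automatic }
if ($svc.Status -ne 'Running')      { Start-Service ssh-agent }

# Step 3: add the key, after confirming the file exists.
if (-not (Test-Path -LiteralPath $KeyPath)) {
    throw "Private key not found: $KeyPath"
}

# List who can read the private key so overly broad ACLs are visible
# before the key is loaded (ideally only your own account, SYSTEM and
# Administrators appear here).
(Get-Acl -LiteralPath $KeyPath).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize

ssh-add $KeyPath
if ($LASTEXITCODE -ne 0) { throw "ssh-add failed with exit code $LASTEXITCODE" }

# Verify: the fingerprint of the key on disk should appear in the
# list of keys the agent now holds.
ssh-keygen -l -f $KeyPath
ssh-add -l
```

If the fingerprint printed by `ssh-keygen -l` does not show up in the `ssh-add -l` output, the agent did not accept the key.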


Finally! Internet Explorer's obituary (ancient time - June 15th 2022)

Time to celebrate

While a number of services haven't worked with Internet Explorer for a while, Microsoft finally gave us the EoL date for it.


While the "personalities" that haven't prepared for the inevitable likely still refuse to assess and update or replace old sh1t that requires IE (or Flash for that matter), at least we can now give them a deadline they can enjoy watching pass by, then request exceptions filled with bad excuses.

More mature organizations will already have replaced IE and written the (few) required exceptions.

I wrote about this before:



"The future of IE is Edge": https://blogs.windows.com/windowsexperience/2021/05/19/the-future-of-internet-explorer-on-windows-10-is-in-microsoft-edge/ 

IE not supported on Azure (March 31, 2021): https://azure.microsoft.com/en-us/updates/azure-portal-to-end-support-for-internet-explorer-11-on-march-31-2021/


Book Review: Intrusion Detection HoneyPots, Detection through Deception

Intrusion Detection HoneyPots, Detection through Deception

  • Author: Chris Sanders
  • Publisher : Applied Network Defense (30 Aug. 2020)
  • Language : English
  • Paperback : 238 pages
  • ISBN-10 : 1735188301
  • ISBN-13 : 978-1735188300



Let's get the important stuff out of the way first 1)

Cookie Recipe: 🍪🍪🍪🍪🍪

These cookies are very very good. Having to convert from obscure measurements to something for the modern ages (metric) was well worth it.

1) Read the book You must :)

Conclusion: Recommended reading for everyone interested in honeypots, novice or expert.

While I've worked on most of the ideas and products discussed in the book, I really liked the structure and content of the book.
Came away from reading it with a more structured approach to how, when, and where to deploy honeypots - Really wish this book was available when I started messing with honeypots, it would certainly have saved me some time.

Noteworthy (to me)
Chapter 1, A brief History of Honeypots: While a brief chapter on the history of honeypots, it's always great to be reminded of The Cuckoo's Egg and Berferd, however it gets even better in the following chapters.

Chapter 2, Defining and Classifying Honeypots: As Chris states in the book, "All honeypots are deceptive, discoverable, interactive, and monitored", but not just that, he's also providing a good explanation of what these characteristics mean and what questions to ask regarding your own deployment. This chapter also gave me a better understanding of Whaley's Deception Taxonomy - I'd say that theory and practice converged and I'll be able to utilize that understanding better going forward.
Chapter 3, Planning Honeypot-Based Detection: See - Think - Do! - Not just the words, but used to explain honeypots very clearly and precisely. Combined with the case study, it really sets the stage. I feel kinda verified, as it confirms (most of) the ideas and principles I've used when deploying honeypots :)
Chapter 4, Logging and Monitoring: Even for someone with extensive experience in logging and monitoring there's still a lot of food for thought in this chapter - not just for honeypots, but in general. I'll be using variations of Chris's "Log plumbing reference framework for logging and monitoring infrastructure" to explain to both business and other colleagues why we've implemented e.g. certificates for encryption and mutual authentication in our logging infrastructure.
Chapter 5, Building Your First Honeypot from scratch: Nice and pragmatic intro to what a honeypot could be, using Netcat (Specifically NCAT from Fyodor).
Chapter 6, Honey Services: No problem, let's just build a Windows based RDP honeypot, a SSH honeypot with Cowrie, and a multi-service honeypot using OpenCanary. Again very concise and clear guidance that takes you most of the way to deploying honeypots.

Chapter 7, Honey Tokens: Read the "From the Trenches" sidebar. Like other chapters the Sigma and Suricata rules are great inspiration.
Chapter 8, Honey Credentials: This chapter goes way further and provides several possible ways of deploying honeytokens. Amongst those, an example on how to create a "LLMNR Broadcast Honeypot", rounding the chapter off with some cool awesomeness. One caution, though, I think it is a violation of GDPR to use previous employers accounts as honeytokens as discussed - I might well be wrong (IANAL), but better safe than sorry.
Chapter 9, Unconventional Honeypots: The idea of a DHCP honeypot is cool, not least because it is likely to delay the adversary, however with a lot of potential pitfalls (YOLO). This chapter also covers "cloned website honeytokens", Honey-tables, and more, rounding the chapter off with honey commands using aliases on Linux.
[1] Applied Network Defense: https://www.networkdefense.co/