Curious about BigQuery? This super quick tutorial will help you get started. BigQuery is a Google Cloud Platform service that provides fast, serverless, scalable data analysis. This tutorial will discuss the basics of working with BigQuery, including how to create datasets and tables, upload information to them, and make queries using the BigQuery command-line interface tool bq.


In order to follow along, you’ll need to have done the following:

Create a Temporary Project

Create a temporary project while you get familiar with BigQuery. Think of a…

Last month, I wrote a post about setting up honeypots on GCP where I stood up a low-interaction SSH honeypot. Since then, I’ve been able to log a few megabytes’ worth of unauthorized behavior. This post will report on a repeated security event targeting misconfigured MikroTik routers.

Event Behavior

The attacker logs into the honeypot using admin/password and then sends the commands seen below into the honeypot terminal. Several IP addresses have been logged exhibiting the same command entry patterns, suggesting botnet activity.

/ip cloud print
ifconfig
uname -a
cat /proc/cpuinfo
ps | grep '[Mm]iner'
ps -ef | grep '[Mm]iner'
ls -la…

Honeypots are useful tools for collecting unauthorized interactions as logs. These logs can be digested to identify new attacking techniques or observe active username/password patterns. In the context of a security team, it could provide actionable information to pre-emptively secure the studied environment.

This tutorial will discuss general SSH honeypot pre-configuration, HoneyTrap installation, logging, and analysis. A Docker container is used to launch HoneyTrap, a low-interaction SSH honeypot. Check out the HoneyTrap documentation for more information about HoneyTrap and what it can do.

Want to learn more about honeypots first? …

[Difficulty Level: Easy] [Time: <15 minutes] [ Password Cracking ]

This article was written to document my solution to “Lernaean Hydra”, a retired Hack The Box web challenge created by Arrexel. This tutorial involves password cracking and a little network packet analysis. Hack The Box is a popular free platform used to build offensive security skills.


This challenge was solved using a Google Cloud preemptible n1-standard-8 instance (8 vCPUs, 30 GB memory) running Ubuntu 18.04 LTS. The packages used in this walkthrough included openvpn and hydra. …

Gather Adversarial Data using SSH-Honeypot

This article shows how to build a honeypot using Azure Portal. If you would like to learn more about honeypots before building one, read this sister article I wrote: Honeypots Explained: In the Wild and in SecOps.

Start by building a resource group. This will manage all of the resources related to this honeypot as a single group. My resource group is named “SSHHoneypot001” so that I can tell this resource group contains resources related to SSHHoneypot001. I’ll be deleting all of the resources at once in 30 days, so I’ll be putting them all in here together. …

A crash course to using `update-alternatives`

First, check the current python3 version reference with python3:

$ python3 -V
Python 3.6.9

You can have python37 output python 3.7.x (where x is the latest version digit) using update-alternatives. First, install Python 3.7.

$ sudo apt-get install python3.7

To make the change, we’ll be using the tool update-alternatives. For more information about this tool, see the man page man update-alternatives.


A honeypot is a computer configured to be vulnerable in an attempt to log and study unauthorized interactions. Because Internet-facing systems are subject to constant automated attacks, it is important to be aware that any port open to the Internet provides a bridge for outside parties to interact with your system. When we leave our honeypots out, we are mimicking signs of vulnerable systems, hoping attackers come in and try to execute their attacks. Think about that next time you’re looking at vulnerability reports. 🙇

Honeypot Uses

Honeypots are used to collect data on attacking behaviors. The attack source, techniques used…

User and Entity Behavior Analytics (UEBA) is the analysis of user and entity behavior data to detect suspicious behaviors associated with security threats. UEBA tools establish baselines where ‘normal’ behavior can be defined and from which unique behavior can be quantified and tracked.


When unusual behavior is detected, the weight of the unusual behavior is determined relative to various entity attributes assigned to the respective user/entity. Additional characteristics, such as asset ownership, can be determined by UEBA tools and weighted appropriately to determine the ‘normalness’ of a logged and/or correlated behavior within the network.

Over time as the tool ingests…

This article serves as a guide to installing and configuring roles on Windows 2016 servers using PowerShell.

To begin, right-click the Windows PowerShell taskbar icon and select “Run as Administrator”. To view Windows features and statuses, enter this command into the console:


To install an individual feature the following command syntax is used:

Install-WindowsFeature -Name [feature_name] -[Options] 

Active Directory Role

We will begin by installing the Active Directory role using the following:

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools


I write about DFIR, GRC, and defensive security topics.
