#honeypot
4 articles
Deploy Your Own SSH Honeypot in 10 Minutes with ShardLure
A step-by-step guide to standing up a Cowrie SSH honeypot with the ShardLure intel dashboard on a fresh VPS — from copying your SSH key to a spinning globe of attacker traffic. One command, no lockout stories.
·11 min readMy Honeypot Dashboard Was Lying to Me for Two Weeks (and I Wrote It)
273,469 events. 2,654 IPs. 54 countries. And a dashboard that confidently told me '7 countries' and '200 sessions' and a graph that quietly hid 95% of the data. The story of shipping v1.9 of ShardLure: not new attacks, but every way a tool misrepresents scale — and how I caught it.
·16 min readI Built a Honeypot Framework, Deployed It for 5 Days, and the Internet Showed Up With Malware and Opinions
119,001 events. 1,120 unique IPs. 16 malware samples. 822 terminal recordings. The same Chinese worm. The same cryptominer. A 29MB botnet propagation binary. And a tool I wrote to make sense of all of it.
·22 min readI Mass-Accepted SSH Logins for 48 Hours and Catalogued Everything That Walked In
38,208 events. 374 unique IPs. 12 malware samples. A self-propagating Chinese worm. A multi-architecture cryptominer. Two competing SSH backdoor campaigns. One very convincing fake server.
·18 min read