#telemetry
4 articles
My Honeypot Dashboard Was Lying to Me for Two Weeks (and I Wrote It)
273,469 events. 2,654 IPs. 54 countries. And a dashboard that confidently told me '7 countries' and '200 sessions' and a graph that quietly hid 95% of the data. The story of shipping v1.9 of ShardLure: not new attacks, but every way a tool misrepresents scale — and how I caught it.
·16 min readI Built a Honeypot Framework, Deployed It for 5 Days, and the Internet Showed Up With Malware and Opinions
119,001 events. 1,120 unique IPs. 16 malware samples. 822 terminal recordings. The same Chinese worm. The same cryptominer. A 29MB botnet propagation binary. And a tool I wrote to make sense of all of it.
·22 min readI Mass-Accepted SSH Logins for 48 Hours and Catalogued Everything That Walked In
38,208 events. 374 unique IPs. 12 malware samples. A self-propagating Chinese worm. A multi-architecture cryptominer. Two competing SSH backdoor campaigns. One very convincing fake server.
·18 min readSSH Under Siege: 30 Days of Brute-Force Telemetry on an Exposed VM 🌐
1,595 brute-force attempts. 64 IPs. 20+ countries. A month of SSH login fails against my Oracle Cloud VM, with a globe to make it look impressive.
·6 min read