Author Archives: pr0t3an1

I left an unsecured MongoDB up for 2 months…here's how it went

Been deploying a bunch of quick honeypots recently for commonly exploited services, with a particular focus on having proper logging configured, which is often an afterthought; the first one I'm going to quickly write about is MongoDB. I don't imagine this blog post will contain anything ground-breaking ("ransom" of exposed MongoDBs is well documented in terms of…

Mark-of-the-Web (MOTW) – from a DFIR & Detection Perspective

Background: I was recently reviewing some Windows Defender logs and noticed that many of the detections had file origin information and not just the MOTW ADS Zone identifier. I had seen these before and largely forgot they existed. A quick bit of googling later, I really didn't get a huge amount of information back on this (fundamentally…