DEF CON 25 Packet Hacking Village - Tan Kean Siong - Stories from a 15 days SMB Honeypot Mum


WannaCry, EternalBlue and SambaCry have been popular topics recently. During the outbreak in May 2017, we designed a 'real' Windows 7 / Samba server with the open source Dionaea honeypot and exposed the favourable SMB port to the world. Tons of the expected WannaCry attacks hit the pot, and interestingly there is a more juicy collection than that! In this session, we would like to present the stories from a 15-day SMB honeypot. As honeypot hobbyists, we deployed an emulated Windows 7 machine implanted with the DoublePulsar backdoor. Yes, a Windows system infected with DoublePulsar! Our honeypot is also up for the CVE-2017-7494 SambaCry vulnerability. We observed tons of scanning looking for targets to spread the expected WannaCry ransomware. Surprisingly, there is a more juicy collection in the pot, e.g. EternalRocks, reverse shells, RATs, DDoSers, coin miners, Trojans, etc. (you name it, you have it!). We would love to share various interesting data from the 15 days of observation from a single home-based sensor in the entire IP space.



Reviewed by Anonymous on January 23, 2018 Rating: 5