New project available: GreedyBear
27 Dec 2021 Matteo Lodi featured greedybear honeypots tpot
This year has been a Christmas more tough than usual for a lot of people. The Covid pandemic is rising again all over the world, the security analysts are facing one of the worst ever found software vulnerabilities (referring to Log4j CVE-2021-44228), and so on.
With the goal to help all the community during these hard times, recently we have been working to a new project, called GreedyBear, that you can find on Github.
A … greedy … bear?
Yes. Bears. Greedy Bears. They love honey and honeypots. And these ones are particularly greedy. They want all the honey for themselves…
Joking apart, we have been running a cluster of TPOTs for a while but we struggled to find a way to share the data collected to the community. The new project comes at this point, with the aim to collect the information from the TPOTs and generate some actionable feeds that can be easily leveraged by all the community as a free source of valuable information to prevent or detect attacks.
Right now the data is collected from 2 specific honeypots: Log4Pot and Cowrie. More to come.
Please check out the Github page to get all the details on how to retrieve and how you can use the feeds.
Future
This is just the alpha version of GreedyBear. Our plans are to evolve this project over time and propose it for the upcoming Google Summer of Code of the year to come. If you wish to contribute, please join the Honeynet Slack Channel.
So stay tuned for the next updates! And stay safe during the holidays!