As a full stack engineer, I work with servers and cloud services a lot, especially at this startup, which is constantly trying out new things. As a developer working across various system architectures, I wanted to see and understand how systems get hacked while doing so in a safe sandbox environment.
Understanding cloud security concepts and the dangers that exist is imperative when protecting enterprise systems containing sensitive data.
I decided to do some research to understand how systems get hacked in a cloud ecosystem. This project is also entertainment for me because I plan to troll these hackers a lot.
Making them work super hard just to find a database full of dad jokes is just plain funny.
The good thing about this is that the more time they spend trying to break into my server the less time they’ll spend messing with someone else’s…like the server that contains your family’s medical records.
I staged a [[How to build a Linux Honeypot Server | Honey Pot server]] and I’m building it to look like it belongs to some healthcare or financial organization.
If you don’t know already, a honeypot server is simply a server that is made vulnerable on purpose to learn how cybercriminals attack servers and networks.
These servers can be isolated from the main network to minimize risk, and they typically log all interactions for later analysis.
What I did was create a new Amazon Linux VM and open all the ports, keeping the defaults otherwise, while using my private key pair to log in via the terminal.
Within hours, I was already able to see failed login attempts.
By running the command `sudo journalctl | grep "Failed"`, I was able to see over 17 failed login attempts within the first few hours of turning on my server.
```
Sep 30 13:35:28 ip-*********.ec2.internal systemd[1]: Failed to open libbpf, cgroup BPF features disabled: Operation not supported
```
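A plain `grep "Failed"` over the whole journal also matches lines that have nothing to do with logins, such as the systemd libbpf message above. The following script is an added example, not code from the original post: it picks out only `sshd` authentication failures and counts them per source address and per targeted username. The journal lines it runs on are constructed sample data (the IPs are documentation ranges, the hostname is made up), formatted the way journalctl prints them on Amazon Linux.

```python
import re
import sys
from collections import Counter

# Constructed sample journal output (not real data from the honeypot).
# Only four of these are sshd authentication failures; the systemd libbpf line
# contains the word "Failed" but is not a login attempt, and the last line is a
# successful key login.
SAMPLE_JOURNAL = """\
Sep 30 13:35:28 ip-10-0-0-12.ec2.internal systemd[1]: Failed to open libbpf, cgroup BPF features disabled: Operation not supported
Sep 30 13:41:02 ip-10-0-0-12.ec2.internal sshd[2211]: Failed password for invalid user admin from 203.0.113.45 port 51234 ssh2
Sep 30 13:41:05 ip-10-0-0-12.ec2.internal sshd[2211]: Failed password for invalid user admin from 203.0.113.45 port 51240 ssh2
Sep 30 13:52:17 ip-10-0-0-12.ec2.internal sshd[2305]: Failed password for root from 198.51.100.7 port 40022 ssh2
Sep 30 13:52:19 ip-10-0-0-12.ec2.internal sshd[2305]: Failed publickey for ec2-user from 198.51.100.7 port 40030 ssh2
Sep 30 14:03:44 ip-10-0-0-12.ec2.internal sshd[2410]: Accepted publickey for ec2-user from 192.0.2.10 port 50122 ssh2
"""

# Match only sshd auth failures.  "invalid user" appears when the username does
# not exist on the box; the optional group handles both cases.
FAILED_SSH_RE = re.compile(
    r"sshd\[\d+\]: Failed (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def naive_grep_count(journal_text):
    """What `grep "Failed"` would count: every line containing the word."""
    return sum(1 for line in journal_text.splitlines() if "Failed" in line)


def parse_failed_logins(journal_text):
    """Return (user, ip, method) for each sshd authentication failure."""
    hits = []
    for line in journal_text.splitlines():
        m = FAILED_SSH_RE.search(line)
        if m:
            hits.append((m.group("user"), m.group("ip"), m.group("method")))
    return hits


def summarize(journal_text):
    """Count real failed attempts, grouped by source IP and by targeted user."""
    hits = parse_failed_logins(journal_text)
    return {
        "total": len(hits),
        "by_ip": Counter(ip for _, ip, _ in hits),
        "by_user": Counter(user for user, _, _ in hits),
    }


if __name__ == "__main__":
    # Reads journal text from stdin if piped (e.g. `journalctl | python3 this.py`),
    # otherwise runs on the constructed sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_JOURNAL
    report = summarize(text)
    print(f'lines matching "Failed": {naive_grep_count(text)}')
    print(f"actual sshd auth failures: {report['total']}")
    for ip, n in report["by_ip"].most_common():
        print(f"  {ip}: {n}")
    for user, n in report["by_user"].most_common():
        print(f"  user {user}: {n}")
```

On the sample, the naive count is 5 while the real number of failed SSH logins is 4; on a live journal the gap grows with every unrelated service that logs the word "Failed". Grouping by source IP is also what tells you whether the 17 attempts came from one script or from many scanners.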
Hackers all around the world automate this process, using scripts to run port scans and password-cracking algorithms.
Why this is scary.
Passwords that may seem decent, like F00tbALL3923, may provide some level of protection, but someone who wants the data badly enough will eventually crack it. It may take several months, but they can still get in.
Data breaches can cost you money or land you in prison.
I would hate to be several millions in debt and spending 2 decades sh-tting on a metal toilet because some troll leaked my clients’ healthcare records.
My advice?
- Use at least 16 characters with alphanumeric characters.
- Combine this with MFA/2FA and 30-90 day password resets.
- Use recovery keys when available
Too lazy to come up with your own password?
Try this
[https://proton.me/pass/password-generator]
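The following is an added example, not code from the original post or from Proton: it checks a password against the advice above (at least 16 characters, mixing letters and digits), estimates the size of the search space an exhaustive attacker would face, and generates a compliant password locally with Python's `secrets` module. The guess rate used for the time estimate is an assumed value for illustration, not a measurement.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # alphanumeric, as advised above
MIN_LENGTH = 16


def meets_policy(password):
    """At least 16 characters, containing both letters and digits."""
    return (
        len(password) >= MIN_LENGTH
        and any(c.isalpha() for c in password)
        and any(c.isdigit() for c in password)
    )


def search_space_bits(password):
    """Bits of work to exhaust every string of this length over the
    character classes the password actually uses.  This is an upper bound:
    a password built from a dictionary word (F00tbALL3923 is "football" plus
    digits) falls to a wordlist attack far sooner than this number suggests."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)
    return len(password) * math.log2(pool)


def years_to_exhaust(password, guesses_per_second=1e10):
    """Years for an attacker at the given guess rate (assumed, hypothetical)
    to try the whole search space."""
    return 2 ** search_space_bits(password) / guesses_per_second / (365 * 24 * 3600)


def generate_password(length=MIN_LENGTH):
    """Random alphanumeric password from the OS CSPRNG; retried until it
    contains both a letter and a digit so it satisfies meets_policy()."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(pw):
            return pw


if __name__ == "__main__":
    for pw in ("F00tbALL3923", generate_password()):
        print(f"{pw}: policy={meets_policy(pw)}, "
              f"{search_space_bits(pw):.1f} bits, "
              f"{years_to_exhaust(pw):.2e} years at 1e10 guesses/s")
```

The 12-character example from the text comes in at roughly 71 bits of exhaustive search, versus about 95 bits for a random 16-character alphanumeric string; the practical difference is larger still, because the random string has no dictionary structure for a cracking wordlist to exploit.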
Let's Connect
If you want to get in touch with me about something or just to say hi, feel free to reach out.