Category Archives: Software Development

Honeypot Results

The results are in!  After one month  I saw 214,442 malicious login attempts to the honeypot:

Telnet made up almost half of these connections, with 99,840.  Followed by SSH (60,964 connections) and VNC with  52,942 connections.  We only saw about 600 HTTP/HTTPS connections, 20 FTP connections, and 10 SOCKS5 connections.

Some interesting statistics were able to be developed based on this.  Keep in mind, the device  never sent a single unsolicited packet outbound.  All of this traffic was scanning for the device.

Also, you can download the full list of username and passwords or the list of attack source IPs to see every password I saw or everyone who tried to attack.

Check this list, if any of your passwords are on it, change them!!

Scripting Google Vault (Export Multiple Users)

I needed to export a few hundred users from Google Vault, and as far as I know there is no public API to do this function!

I created the following BASH script which can do this work.

Google Vault seems to limit you to 15 running export functions at once, so you still have to chunk this up.

First using something like Fiddler or Burp Suite, capture the cookie for your Google session, and the GUID for the matter you want to export the data from.

Then create vault_users.csv which contains each email address you want to export on a single line:

testemail1@google.com
testemail2@google.com
testemail3@google.com

Place this in the same folder as runme.sh

Check out the code here: https://github.com/planetcr/vaultbash/