7MS #730: Baby's First Project Swarm

7MS #730: Baby's First Project Swarm

Hey friends! Still your grieving pal over here, but also your swarming friend and Protecting My Network Edge host — because this week I've been tinkering with something called Project Swarm and I've got my diapers on regarding it, but I really, really like what I see so far. Then, fair warning, I flip on the tangent light and verbally barf up some personal stuff at the end. I'll make the hand-off super clear, so if you want your free security podcast to do exactly what you want and nothing else — totally fair, and you won't offend me by hopping off. Here's what we cover:

  • What is Project Swarm? This comes to us from our friends over at GreyNoise. It centers around little sensors you deploy to the edges of your network that you can dress up to look like just about anything — attracting flies to the honey, if you catch my drift. You get more enumeration, insight, and logging into whatever shenanigans those flies are using to poke at your edge.
  • Setup was refreshingly easy: You need a very low-powered VM or hardware device (my understanding is it even works on a Raspberry Pi) mapped to a public IP, plus a free GreyNoise account. You generate an API key, copy-paste a one-line install, and off it goes. I threw mine on a tiny Ubuntu VM.
  • The part where I didn't read the flipping manual: Mid-install my SSH connection dropped and I'm going "what the heck?!" Turns out the installer intentionally moves your real SSH to some arbitrary high port — so you can run a fake SSH honeypot on 22 while your legit connection lives elsewhere. Once I spotted the new port in the console, a quick firewall tweak and I was back in.
  • Profiles give me level 14 giggidies: Once your sensor checks in, you assign it a profile. Vulnerable WordPress, Tomcat, a Cisco AnyConnect VPN, FTP honeypot, SSH honeypot — kind of all the honeypots. I went with a vulnerable WordPress instance. My one complaint: you can only assign one profile per sensor. My dream scenario of an SSH honeypot AND an FTP AND a vulnerable Tomcat all on one box will have to wait (or maybe that'd look too suspicious and scare the baddies off — who knows).
  • The results were wild: Within a couple days I had thousands of connections, several flagged as malicious and tied to known botnets. I could see source IPs, malicious labels, whether they were residential or company or Google, and even download raw packet captures. There's clearly more telemetry to dig into (what people tried to spray into the login portal, etc.) — I meant to go deeper before recording and didn't, so consider this a "to be continued."
  • Why do I care, since I'm not defending some huge infrastructure? Honestly it started as a brain break. But I've been testing a ton of external networks lately and nearly every company site is WordPress — which now powers around 43% of the internet. Running my own WordPress honeypot gives real oomph to those "your out-of-date WordPress is a big deal" conversations, where I can say "I run a WordPress honeypot and here's the aggressive password spraying and plugin/theme enumeration I'm seeing right now."
  • See it, don't just hear it: I show the actual portal, sensor config pages, and more over on 7MinSec.club this week. Why not both, right? It's like that meme. GreyNoise also has a Project Swarm user webinar coming up — check their events page. And to be crystal clear: they are not a sponsor, this is all free, and I just think it's clever.
  • Life update (the tangent portion): About the time you hear this, I'll be on my way to my dad's funeral, where I'm sharing some words and singing a song. I've been practicing like a madman per advice from my music director friend and guitar teacher — including a little brain hack of focusing hard on my fingers to stay a half-step removed from the emotion. And if I cry my face off up there? Who cares. This isn't America's Got Talent; it's the gesture. I'll be honest, 2026 has been a rough one, but I promised two bright spots and here they are: my son Cam (about to finish paramedic school) has been keeping grandpa's spirit alive by wearing my dad's shirts, sunglasses, and Apple watch, and getting a Cessna tattoo with my dad's actual handwriting and birth year. And you all — the kind words, the offers to talk, the shared stories — reminded me there are a whole lot of good people out there. Thank you for that.
  • One more thing on the horizon: My brain's been a squirrel on pixie sticks, but for whatever reason I've been happily grinding the CARTP as a little vacation for my mind. I might take a swing at the exam this week — start it in the evening, grind a few hours, sleep, finish in the morning (I'm too old for 24 hours straight). I might pass, I might fail spectacularly. Either way I'll keep you posted, and if I get the cert, that's probably next week's topic!

Denne episoden er hentet fra en åpen RSS-feed og er ikke publisert av Podme. Den kan derfor inneholde annonser.

Episoder(730)

7MS #729: Pwning Dracarys

7MS #729: Pwning Dracarys

Hey friends! Still your grieving pal over here, but also your happy hacking host — because today we're diving into baby's first Dracarys! (Yes, I'm probably pronouncing that wrong. Yes, I'm going to k...

4 Jul 18min

7MS #728: Securing Your Family During and After a Disaster – Part 8

7MS #728: Securing Your Family During and After a Disaster – Part 8

Hey friends! This is a tough one to write. My dad passed away on Friday, and instead of the hacker-y tech episode I had planned, I pivoted to something more personal — another installment of our "Secu...

30 Jun 38min

7MS #727: Securing Your Mental Health – Part 7

7MS #727: Securing Your Mental Health – Part 7

Hello friends! It's been over a year since we did a dedicated mental health episode, so today I'm doing a big catch-up and running through my 7-point plan for being a more mentally secure me. None of ...

19 Jun 21min

7MS #726: Baby's First Hermes

7MS #726: Baby's First Hermes

Hello friends! I've been on a bit of an AI agent journey lately, and today I'm sharing my experience ditching OpenClaw and going all-in on Hermes — a self-hosted AI agent built by Nous Research. A Net...

12 Jun 22min

7MS #725: Building a Bulletproof Backup Solution

7MS #725: Building a Bulletproof Backup Solution

Hey friends! Backups are not as cool as pentesting, but boy do they matter when things go sideways. This week I'm sharing how a Proxmox backup disk space meltdown led me to a completely overhauled — a...

5 Jun 21min

7MS #724: Tales of Pentest Pwnage - Part 85

7MS #724: Tales of Pentest Pwnage - Part 85

Hey friends! Today we're going deep on external network pentesting — something I realize we've barely touched in however many episodes we've done. I'm currently in a long stretch of back-to-back exter...

29 Mai 30min

7MS #723: CARTP - Cloud Red Team Tactics for Attacking and Defending Azure - Part 1

7MS #723: CARTP - Cloud Red Team Tactics for Attacking and Defending Azure - Part 1

Hello friends! Today's a hybrid episode — some security content up top about a new certification I've kicked off, followed by an aggressively quick trip to Tangent Town. Feel free to bail after the se...

23 Mai 32min

Populært innen Politikk og nyheter

giver-og-gjengen-vg
aftenpodden-usa
fotballpodden-2
aftenpodden
popradet
forklart
stopp-verden
det-store-bildet
rss-gukild-johaug
hanna-de-heldige
rss-ness
nokon-ma-ga
lydartikler-fra-aftenposten
dine-penger-pengeradet
aftenbla-bla
rss-utenrikskomiteen-med-bogen-og-grasvik
ta-dokumentar
rss-penger-polser-og-politikk
e24-podden
rss-espen-lee-usensurert