- cross-posted to:
- lobsters@lemmy.bestiver.se
- blueteamsec
That poor bastard would’ve hated me. The first thing I do is saturate the logs and test any shitty monitoring that might be in place.
Honeypots are fragile places, usually. That is why I gave up using simulators and just drop a vanilla image with some lightly masked monitor script or something. Drop your rootkit and botnet keys and GTFO. Fuck key logging. It’s interesting, for sure. Some kind of basic post mortem FIM is usually good enough.
Great, well, I'm going to change my password 123456 right away ^^’



