By video seven, Cipher was demoing a “honeypot detection script.” He showed how a fake SMB share would respond with a specific latency window. But he accidentally typed the IP of his real internal logging server into the script’s exception list. Anya paused the video. Zoomed. Cropped. The IP resolved to a VPS in Virginia. A quick nmap showed port 22 open, port 443 open, and a self-signed cert with a CN: internal-ids.asterion.local.
Her feed was a masterpiece of corporate performance: “Thrilled to announce my new CEH certification!” (checkmark emoji). “Loved speaking at BSidesSF about zero-trust architectures” (handshake emoji). She had 15,000 connections, a crisp blue banner photo of a server room, and a pinned post about “Building Resilient Defenses.”
: A broader course featuring a specific lesson on Evading IDS, Firewalls, and Honeypots.
Deep in the comments, buried under “Great share, Anya!” and “Can you DM me your slide deck?”, was a single, seemingly innocuous link to a private webinar: “Evading IDS, Firewalls, and Honeypots: A Red Team Perspective.”
: Instructions on using the Security Onion IDS and understanding Snort rules to detect network threats.