Craig Hays

You are here: Home / Archives for investigations

investigations

What Happened When I Leaked My Server Password on GitHub.com

By Leave a Comment

Reading Time: 7 minutes

I deployed a honeypot and ‘accidentally’ leaked a valid SSH username and password into a GitHub repository. This is what happened over the next 24 hours.

Github SSH Honeypot
Photo by Arwin Neil Baichoo on Unsplash

Searching for juicy information in GitHub repositories is nothing new. In the past, I’ve written about mining GitHub for sensitive information and contributed to open source projects that help to automate this process. Having used this technique as an ethical hacker, I was curious to see what it looks like when criminals do it for real with malicious intent.

[Read more…] about What Happened When I Leaked My Server Password on GitHub.com

Inside a Real SMS Phishing Attack (Smishing)

By 4 Comments

Reading Time: 8 minutes

SMS based phishing attacks (Smishing) are a real threat that we see every day. To help you spot them in future, this is how they work.

The start of an SMS Phish (Smish)

A Phishing/Smishing Attack In Action

At 17:52 pm today I received a text message from my mobile phone network, ‘EE’. I picked up the message at 18:08. This is what it said:

[Read more…] about Inside a Real SMS Phishing Attack (Smishing)