T-minus 10 days!!!
In #CyberSecurity terms, I'm about to deliberately walk into an entirely new threat landscape with no local threat intel, a foreign language I'm still actively patching. The attack surface has changed. The adversaries are now cobblestones, bureaucratic Portuguese, and the very real possibility that I will confidently order the wrong thing at a restaurant and just go with it. Threat level: manageable. Vibes: elevated!!
The honeypots aren't moving. They never do - that's the whole point. They stay scattered where they are, quietly doing their thing, collecting everything. The only thing changing is where the intel gets delivered. Starting April 29th, that's Porto.
I'm a little concerned they're going to start sending it in #Portuguese. 🤷♀️
Half my home lab is already there ahead of me. ZimaBoard, #opnsense the Pis - all running, all waiting, probably judging me for not arriving sooner. Home Assistant is next on the list once I land, which means I get to find out whether my automations survived the relocation or whether I'm about to have a very intimate conversation with Portuguese error messages. Could go either way.
And yes, I'm leaving behind the Chicago "L". The L. An elevated rail system so charmingly held together by decades of deferred maintenance and sheer Chicagoan stubbornness that honestly, it's kind of a security metaphor. I'm going to miss the ambiance of a train that sounds like it's actively negotiating with physics.
The Metro stop is literally across the street from my apartment. It's clean. It's modern. It's quiet. The trains run on time. I don't know how I'll cope. 👀
@sashatheflamingo is excited but has concerns about the cobblestones hurting her feet. I told her she can ride on my shoulder. Problem solved. The flamingo adapts. 🦩
And if you're in the security community and haven't looked at #BSidesPorto yet - June 26th and 27th - I don't know what to tell you except that you're going to miss an awesome event if you don't get your tickets - NOW! And come find me. I'll be the one who showed up 60 days before the conference and is still figuring out which bus/metro train goes where.
The operation doesn't stop. It just changes coordinates. The #honeypots already know. They figured it out before I told them. (That's kind of their whole thing.)
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
mastodon
4.6.0-alpha.7+glitch
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange)
Views are my own, She/Her
0
Followers
0
Following
Joined November 12, 2022
Posts
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
@rnbwkat@infosec.exchange
·
2d ago
3
0
1
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
@rnbwkat@infosec.exchange
·
Apr 07, 2026
I can't believe it has come to this. 😟
I have lived a good life. A righteous life. I have given more than I have taken. I have held doors open for strangers. I have let people merge in traffic. I have sat through vendor demos with a smile on my face. And yes, fine - there were a couple of speeding tickets, but those were on the highway and everyone was doing it and that's not the point.
The point is: I am good.
I left everything behind. I crossed an ocean. I started fresh in this beautiful country, with its cobblestones and pastéis de nata and the kind of light that makes you believe the universe is basically on your side.
And then. THEN! 😲
I was changing the sheets on my new bed - my beautiful new bed in my beautiful new life - when my nail caught on something and before my brain could even register what was happening, before I could stop it, before God herself could intervene - I removed the tag from the mattress. 😱
The tag. The one that says DO NOT REMOVE. The one backed by the full weight of law and moral authority and whatever shadowy international body governs these things!!!
I just... I stood there holding it. A small rectangle of fabric. A federal crime. 😢
They will come for me. They always come. The Mattress Police don't sleep - ironic, given their jurisdiction - and they are everywhere!! I don't know if it's Interpol. I don't know if it's a dedicated task force. I don't know if my NovoBanco account is already flagged? 😮
I only know one thing.
I should have been more careful with the sheets.
I have lived a good life. A righteous life. I have given more than I have taken. I have held doors open for strangers. I have let people merge in traffic. I have sat through vendor demos with a smile on my face. And yes, fine - there were a couple of speeding tickets, but those were on the highway and everyone was doing it and that's not the point.
The point is: I am good.
I left everything behind. I crossed an ocean. I started fresh in this beautiful country, with its cobblestones and pastéis de nata and the kind of light that makes you believe the universe is basically on your side.
And then. THEN! 😲
I was changing the sheets on my new bed - my beautiful new bed in my beautiful new life - when my nail caught on something and before my brain could even register what was happening, before I could stop it, before God herself could intervene - I removed the tag from the mattress. 😱
The tag. The one that says DO NOT REMOVE. The one backed by the full weight of law and moral authority and whatever shadowy international body governs these things!!!
I just... I stood there holding it. A small rectangle of fabric. A federal crime. 😢
They will come for me. They always come. The Mattress Police don't sleep - ironic, given their jurisdiction - and they are everywhere!! I don't know if it's Interpol. I don't know if it's a dedicated task force. I don't know if my NovoBanco account is already flagged? 😮
I only know one thing.
I should have been more careful with the sheets.
6
0
1
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
@rnbwkat@infosec.exchange
·
Apr 02, 2026
Google, it's been real.
5.5 years. Started as a Security Engineering Manager in 2020, built Team Flamingo from scratch during COVID (because "EIP-Cloud-PMA" is not a team name, it's an acronym crying for help), and turned it into something special. When I stepped down in 2022 to go back to being a Staff Security Engineer, multiple people told me I was the best manager they'd ever had. I'll take that over any performance review!!
Became Tech Lead for revamping the third-party assessment program - got to work with exceptional FTEs and a ridiculously talented XWF team called Prime. Built things that actually worked. Left with my dignity intact and my head held high.
Now Sasha and I are headed to Porto at the end of the month, and honestly? I'm ready. New country, new challenges, and the freedom to do consulting work without someone questioning why my vendor questionnaire has 30 questions instead of 300.
If you need someone who can transform broken TPRM programs, speak at your conference, or tell you the truth about your security theater - you know where to find me!!
Cheers to what's next. 🦩
Kat & @sashatheflamingo
5.5 years. Started as a Security Engineering Manager in 2020, built Team Flamingo from scratch during COVID (because "EIP-Cloud-PMA" is not a team name, it's an acronym crying for help), and turned it into something special. When I stepped down in 2022 to go back to being a Staff Security Engineer, multiple people told me I was the best manager they'd ever had. I'll take that over any performance review!!
Became Tech Lead for revamping the third-party assessment program - got to work with exceptional FTEs and a ridiculously talented XWF team called Prime. Built things that actually worked. Left with my dignity intact and my head held high.
Now Sasha and I are headed to Porto at the end of the month, and honestly? I'm ready. New country, new challenges, and the freedom to do consulting work without someone questioning why my vendor questionnaire has 30 questions instead of 300.
If you need someone who can transform broken TPRM programs, speak at your conference, or tell you the truth about your security theater - you know where to find me!!
Cheers to what's next. 🦩
Kat & @sashatheflamingo
0
0
0
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
@rnbwkat@infosec.exchange
·
Mar 27, 2026
Yesterday was fun.
I'm ok. It was my treadmill that tried to kill me.
Both hands got stuck between the track and the base which is hydraulic. Hard to explain. Was trapped for almost 30 mins. Was moving it to sell it.
Biggest issue was I was scared. I was in my basement and trapped stuck with a 150 lbs treadmill and could not move. I finally got one hand free after 10 mins. Then dragged it over to where I could reach a drumstick which I finally used to pry it apart before the drumstick snapped from the hydraulic pressure.
I have soft tissue and nerve damage on 3 fingers and I broke the tip of another finger - it crushed the bone and fractured it. I never knew that was a thing? 🤷♀️
Made new friends at the ER that were almost as frightened as me when I told them how I was trapped. Oh and yes, I sold it later that afternoon.
I'm ok. It was my treadmill that tried to kill me.
Both hands got stuck between the track and the base which is hydraulic. Hard to explain. Was trapped for almost 30 mins. Was moving it to sell it.
Biggest issue was I was scared. I was in my basement and trapped stuck with a 150 lbs treadmill and could not move. I finally got one hand free after 10 mins. Then dragged it over to where I could reach a drumstick which I finally used to pry it apart before the drumstick snapped from the hydraulic pressure.
I have soft tissue and nerve damage on 3 fingers and I broke the tip of another finger - it crushed the bone and fractured it. I never knew that was a thing? 🤷♀️
Made new friends at the ER that were almost as frightened as me when I told them how I was trapped. Oh and yes, I sold it later that afternoon.
1
0
0
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
@rnbwkat@infosec.exchange
·
Mar 23, 2026
New story drop! “Terms and Conditions” is live!!
Come for Harvestide, stay for the part where everyone realizes they probably should’ve read page 37...
https://docs.google.com/document/d/1voXtGy74ZBHt50_X7YdaPdB2vHx3fmp3YJQ47v8mIRg/edit?usp=sharing
#Noir #CyberSecurity #EULA #PopTarts @sashatheflamingo
Come for Harvestide, stay for the part where everyone realizes they probably should’ve read page 37...
https://docs.google.com/document/d/1voXtGy74ZBHt50_X7YdaPdB2vHx3fmp3YJQ47v8mIRg/edit?usp=sharing
#Noir #CyberSecurity #EULA #PopTarts @sashatheflamingo
1
0
0
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
@rnbwkat@infosec.exchange
·
Mar 23, 2026
Sasha insisted we co-author this, and honestly, after the weekend she had, I didn’t have the authority to say no. 🦩
- We arrived at @bsidesroc as first-timers
- We left with a suspicious number of new friends, at least three inside jokes, and what I can only assume is the beginning of Sasha’s unofficial “Flamingo Ambassador Program.”
Sasha, for her part, would like it formally noted that:
- She achieved a 100% success rate in attracting delightful humans
- She was questioned about her honeypots approximately 47 times (conservative estimate)
- She may now have more friends in Rochester than I do
Post-conference, we migrated to Bitter Honey, which Sasha has classified as “Tequila Research HQ.”
Extensive… research… was conducted. 👍
Findings include:
- The tequila selection is both impressive and slightly dangerous
- The food is absolutely worth writing home about
- “Quick dinner” is a fictional concept when you’re surrounded by great people
Somewhere between the laughter, the stories, and the “just one more” moments, the night quietly turned into one of those you wish you could bottle. 💃
The flight home added a touch of airborne chaos, with turbulence strong enough to keep everyone seated, including the FAs. Sasha remained calm, mostly because she does not believe in gravity. 🛩️
And now it’s Monday. 🤷♀️
Sasha is back to monitoring global flamingo #honeypot operations.
I’m back to working on my Portugal move.
But we’re both still carrying that post-conference glow, the kind powered by community, connection, and just the right amount of tequila-fueled storytelling!!
Rochester, we’ll be back!!!
- We arrived at @bsidesroc as first-timers
- We left with a suspicious number of new friends, at least three inside jokes, and what I can only assume is the beginning of Sasha’s unofficial “Flamingo Ambassador Program.”
Sasha, for her part, would like it formally noted that:
- She achieved a 100% success rate in attracting delightful humans
- She was questioned about her honeypots approximately 47 times (conservative estimate)
- She may now have more friends in Rochester than I do
Post-conference, we migrated to Bitter Honey, which Sasha has classified as “Tequila Research HQ.”
Extensive… research… was conducted. 👍
Findings include:
- The tequila selection is both impressive and slightly dangerous
- The food is absolutely worth writing home about
- “Quick dinner” is a fictional concept when you’re surrounded by great people
Somewhere between the laughter, the stories, and the “just one more” moments, the night quietly turned into one of those you wish you could bottle. 💃
The flight home added a touch of airborne chaos, with turbulence strong enough to keep everyone seated, including the FAs. Sasha remained calm, mostly because she does not believe in gravity. 🛩️
And now it’s Monday. 🤷♀️
Sasha is back to monitoring global flamingo #honeypot operations.
I’m back to working on my Portugal move.
But we’re both still carrying that post-conference glow, the kind powered by community, connection, and just the right amount of tequila-fueled storytelling!!
Rochester, we’ll be back!!!
0
0
0
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
@rnbwkat@infosec.exchange
·
Mar 20, 2026
While a good chunk of the security world is migrating en masse to RSA Conference and BSidesSF like packets following the loudest broadcast signal…
Sasha and I have chosen a different route. 🦩
No mega-lines.
No vendor badge bingo.
No fighting for oxygen near the espresso machine (which I will not be drinking anyway).
Instead, we’re heading to BSides Rochester — a con we’ve never been to, which makes it immediately more interesting.
New hallways.
New humans.
New stories waiting to happen.
These are the places where conversations aren’t rushed, where ideas don’t have to compete with a 40-foot LED wall, and where you can actually hear someone say, “wait, show me that again” and mean it.
Sasha is already flapping at operational readiness, prepared to charm, observe, and possibly recruit new flamingo agents into the ever-expanding network.
As for me?
I’m looking forward to the kind of hallway track that turns into three hours of “how did we even get onto this topic” and ends with something genuinely useful.
To everyone heading to the big shows, have fun, stay hydrated, and may your badge scans be swift.
We’ll be over here… discovering something new. 😼
Sasha and I have chosen a different route. 🦩
No mega-lines.
No vendor badge bingo.
No fighting for oxygen near the espresso machine (which I will not be drinking anyway).
Instead, we’re heading to BSides Rochester — a con we’ve never been to, which makes it immediately more interesting.
New hallways.
New humans.
New stories waiting to happen.
These are the places where conversations aren’t rushed, where ideas don’t have to compete with a 40-foot LED wall, and where you can actually hear someone say, “wait, show me that again” and mean it.
Sasha is already flapping at operational readiness, prepared to charm, observe, and possibly recruit new flamingo agents into the ever-expanding network.
As for me?
I’m looking forward to the kind of hallway track that turns into three hours of “how did we even get onto this topic” and ends with something genuinely useful.
To everyone heading to the big shows, have fun, stay hydrated, and may your badge scans be swift.
We’ll be over here… discovering something new. 😼
1
0
0
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
@rnbwkat@infosec.exchange
·
Mar 18, 2026
GOT MY VISA!!
Villa Nova de Gaia,
Here I Come!!!
Villa Nova de Gaia,
Here I Come!!!
1
0
0
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
@rnbwkat@infosec.exchange
·
Mar 14, 2026
I love that this is a very popular password on my honeypots - everywhere - "8675309" 🦩
#CyberSecurity #Infosec #Honeypot #DeceptionTech @sashatheflamingo
#CyberSecurity #Infosec #Honeypot #DeceptionTech @sashatheflamingo
7
0
1
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
@rnbwkat@infosec.exchange
·
Mar 13, 2026
The SSH Key Breadcrumb Trap 🦩
Most honeypots have one fatal flaw: they're too clean.
Empty bash history. Pristine directories. No evidence of actual use. Attackers notice.
So I plant breadcrumbs. 🤷♀️
Realistic bash history. A private SSH key in .ssh/. History showing SSH connections to "other servers" using that key.
Those "other servers"? Also honeypots!
When bots hit my honeypots, they brute force and move on. Boring.
But when a HUMAN does post-compromise recon, finds that key, and tries to pivot to those other servers?
Critical Wazuh alert, because only humans do this!!
Bots don't read history files. They don't hunt for lateral movement opportunities. They don't use found SSH keys.
Standard attacker tradecraft requires checking for keys and using them. If they skip it, they might miss real opportunities. If they follow it, I know I'm dealing with an actual human threat actor.
It's a catch-22. And it works beautifully. (And "@sashatheflamingo Approved")
Full writeup coming to sashatheflamingo.xyz soon!!
#Cybersecurity #HoneyPot #ThreatIntel #Deception
Most honeypots have one fatal flaw: they're too clean.
Empty bash history. Pristine directories. No evidence of actual use. Attackers notice.
So I plant breadcrumbs. 🤷♀️
Realistic bash history. A private SSH key in .ssh/. History showing SSH connections to "other servers" using that key.
Those "other servers"? Also honeypots!
When bots hit my honeypots, they brute force and move on. Boring.
But when a HUMAN does post-compromise recon, finds that key, and tries to pivot to those other servers?
Critical Wazuh alert, because only humans do this!!
Bots don't read history files. They don't hunt for lateral movement opportunities. They don't use found SSH keys.
Standard attacker tradecraft requires checking for keys and using them. If they skip it, they might miss real opportunities. If they follow it, I know I'm dealing with an actual human threat actor.
It's a catch-22. And it works beautifully. (And "@sashatheflamingo Approved")
Full writeup coming to sashatheflamingo.xyz soon!!
#Cybersecurity #HoneyPot #ThreatIntel #Deception
11
0
7
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
@rnbwkat@infosec.exchange
·
Mar 10, 2026
Honeypot Thought: Why I Deploy "Student Blogs"
Quick question for my threat intel peeps:
When attackers compromise infrastructure, are they always going after your crown jewels, or are they looking for something else entirely?
Hint: A medical student's personal blog - hosted on cheap VPS because university IT policies are restrictive - might be more valuable to an attacker than you think. 😉
Not because of what's ON it, but because of what they can DO with it!!
Cheap hosting. College/University nearby. SSH & FTP access because that's how the student "updates" their site. Perfect pivot point. 🦩
More on this coming SOON!
But if you're only thinking about honeypots as "fake business infrastructure," you're missing a huge piece of the attacker playbook!!
@sashatheflamingo #cybersecurity #infosec #ThreatIntel #honeypot
Quick question for my threat intel peeps:
When attackers compromise infrastructure, are they always going after your crown jewels, or are they looking for something else entirely?
Hint: A medical student's personal blog - hosted on cheap VPS because university IT policies are restrictive - might be more valuable to an attacker than you think. 😉
Not because of what's ON it, but because of what they can DO with it!!
Cheap hosting. College/University nearby. SSH & FTP access because that's how the student "updates" their site. Perfect pivot point. 🦩
More on this coming SOON!
But if you're only thinking about honeypots as "fake business infrastructure," you're missing a huge piece of the attacker playbook!!
@sashatheflamingo #cybersecurity #infosec #ThreatIntel #honeypot
4
0
1
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
@rnbwkat@infosec.exchange
·
Mar 09, 2026
Honeypot Deployment Pro Tip: Let Them Think They're Winning
Want to know a dirty little secret about honeypot deployment that I've been using for years?
When you spin up a new production server with SSH access, don't immediately lock it down behind a non-standard port. Let it sit on port 22 running your actual SSH daemon for the first 4-6 weeks.
Let the attackers find it. Let them probe it. Let them catalog it in their target lists as "real infrastructure worth attacking."
Then, after they've committed you to memory:
Move your real SSH to a non-standard port. Deploy OpenCanary SSH on port 22 configured to match the EXACT version banner of whatever you were running before.
Now here's the magic: The attackers think they're still hitting the same production system. But you're collecting every username and password combination they try. They don't know they've been demoted from "attacking production" to "feeding your threat intelligence."
It's totally deceptive. They invested weeks cataloging your server. They're not going to just give up because you didn't respond the way they expected.
I've been running this technique for years across my global honeypot network. Works every single time.
Remember to match the SSH version banner exactly - down to the patch level. OpenSSH 8.2p1 vs 8.2p2 matters to some scanners. Make it identical.
This is how you turn production infrastructure into long-term intelligence gathering without anyone noticing the transition.
You're welcome. 🦩
@sashatheflamingo #cybersecurity #infosec #honeypot #deceptiontech
Want to know a dirty little secret about honeypot deployment that I've been using for years?
When you spin up a new production server with SSH access, don't immediately lock it down behind a non-standard port. Let it sit on port 22 running your actual SSH daemon for the first 4-6 weeks.
Let the attackers find it. Let them probe it. Let them catalog it in their target lists as "real infrastructure worth attacking."
Then, after they've committed you to memory:
Move your real SSH to a non-standard port. Deploy OpenCanary SSH on port 22 configured to match the EXACT version banner of whatever you were running before.
Now here's the magic: The attackers think they're still hitting the same production system. But you're collecting every username and password combination they try. They don't know they've been demoted from "attacking production" to "feeding your threat intelligence."
It's totally deceptive. They invested weeks cataloging your server. They're not going to just give up because you didn't respond the way they expected.
I've been running this technique for years across my global honeypot network. Works every single time.
Remember to match the SSH version banner exactly - down to the patch level. OpenSSH 8.2p1 vs 8.2p2 matters to some scanners. Make it identical.
This is how you turn production infrastructure into long-term intelligence gathering without anyone noticing the transition.
You're welcome. 🦩
@sashatheflamingo #cybersecurity #infosec #honeypot #deceptiontech
29
0
16
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
@rnbwkat@infosec.exchange
·
Mar 06, 2026
Friday lunch experiment.
New café. Good food. Phone propped up on the table with the Wazuh dashboard glowing like a tiny command center. 🦩
Instead of doomscrolling the news, I’m watching my honeypots.
Every few seconds another line rolls in:
- Somewhere: SSH spray
- Somewhere else: WordPress exploit from 2016
- And just now… a heroic attempt at admin / admin
The attackers believe they’re hunting servers.
In reality they’ve wandered into a carefully arranged terrarium where everything they do gets logged, labeled, and occasionally laughed at.
The café thinks I’m checking messages.
Meanwhile I’m quietly watching the internet’s least productive fishing expedition unfold in real time while eating lunch.
Honestly, this might be the best monitoring interface ever invented:
Good food.
A glass of prosecco.
And attackers enthusiastically hacking machines that exist purely to waste their afternoon.
#cybersecurity #infosec #honeypot
New café. Good food. Phone propped up on the table with the Wazuh dashboard glowing like a tiny command center. 🦩
Instead of doomscrolling the news, I’m watching my honeypots.
Every few seconds another line rolls in:
- Somewhere: SSH spray
- Somewhere else: WordPress exploit from 2016
- And just now… a heroic attempt at admin / admin
The attackers believe they’re hunting servers.
In reality they’ve wandered into a carefully arranged terrarium where everything they do gets logged, labeled, and occasionally laughed at.
The café thinks I’m checking messages.
Meanwhile I’m quietly watching the internet’s least productive fishing expedition unfold in real time while eating lunch.
Honestly, this might be the best monitoring interface ever invented:
Good food.
A glass of prosecco.
And attackers enthusiastically hacking machines that exist purely to waste their afternoon.
#cybersecurity #infosec #honeypot
4
0
1
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
@rnbwkat@infosec.exchange
·
Mar 04, 2026
Threat Intelligence Update: The Placeholders Have Escaped
4am. Sugar Free Red Bull. Honeypot logs. My daily ritual.
Portugal honeypots have been running for about 5 weeks now. Had some wild early weeks (Germany at 62 attacks/min, interact.sh OAST domains as usernames), then things settled into "normal" internet chaos for the past two weeks.
I got comfortable. That was my mistake.
TODAY'S NEW USERNAME ATTEMPTS ACROSS 12 HONEYPOTS:
[UPLOGIN] [LOGIN] [CAPSLOGIN]
WITH THE BRACKETS. HUNDREDS OF ATTEMPTS!!
Someone's scanner is trying to authenticate using LITERAL PLACEHOLDER TEXT. This is the cybersecurity equivalent of submitting a form with "Enter Name Here" still in the field.
Somewhere, a developer wrote:
username = [LOGIN] # TODO: replace before deploying
And then just... didn't. And it sat dormant somewhere. And TODAY it woke up and decided to hit 12 of my honeypots with VARIABLE NAMES IN BRACKETS.
The Complete Evolution of Username Degradation:
- Week 1: admin, root → competent
- Week 2: "page not found" → confused
- Week 3: "1" → tired
- Week 3+: "11" → broken
- Week 4: "{{username}}" → template failure
- Week 4+: "schwitthair" → existential
- Week 5: "3A4QaQg2wttMFAjksTldi6DyNDU@interact.sh" → OAST crisis
- Weeks 6-7: relatively normal
- Week 8 (TODAY): [UPLOGIN], [LOGIN], [CAPSLOGIN] → THE PLACEHOLDERS HAVE ACHIEVED SENTIENCE
Just when you think the internet has shown you everything, it finds new and creative ways to be broken. I don't run honeypots. I document the slow unraveling of automated attack infrastructure in real-time.
The bots are not okay. They will never be okay. And stop saying AI is going to change everything!!
#Cybersecurity #HoneyPot #Portugal #ThreatIntel #TODORemoveBeforeShipping #TheBotsAreNotOkay
4am. Sugar Free Red Bull. Honeypot logs. My daily ritual.
Portugal honeypots have been running for about 5 weeks now. Had some wild early weeks (Germany at 62 attacks/min, interact.sh OAST domains as usernames), then things settled into "normal" internet chaos for the past two weeks.
I got comfortable. That was my mistake.
TODAY'S NEW USERNAME ATTEMPTS ACROSS 12 HONEYPOTS:
[UPLOGIN] [LOGIN] [CAPSLOGIN]
WITH THE BRACKETS. HUNDREDS OF ATTEMPTS!!
Someone's scanner is trying to authenticate using LITERAL PLACEHOLDER TEXT. This is the cybersecurity equivalent of submitting a form with "Enter Name Here" still in the field.
Somewhere, a developer wrote:
username = [LOGIN] # TODO: replace before deploying
And then just... didn't. And it sat dormant somewhere. And TODAY it woke up and decided to hit 12 of my honeypots with VARIABLE NAMES IN BRACKETS.
The Complete Evolution of Username Degradation:
- Week 1: admin, root → competent
- Week 2: "page not found" → confused
- Week 3: "1" → tired
- Week 3+: "11" → broken
- Week 4: "{{username}}" → template failure
- Week 4+: "schwitthair" → existential
- Week 5: "3A4QaQg2wttMFAjksTldi6DyNDU@interact.sh" → OAST crisis
- Weeks 6-7: relatively normal
- Week 8 (TODAY): [UPLOGIN], [LOGIN], [CAPSLOGIN] → THE PLACEHOLDERS HAVE ACHIEVED SENTIENCE
Just when you think the internet has shown you everything, it finds new and creative ways to be broken. I don't run honeypots. I document the slow unraveling of automated attack infrastructure in real-time.
The bots are not okay. They will never be okay. And stop saying AI is going to change everything!!
#Cybersecurity #HoneyPot #Portugal #ThreatIntel #TODORemoveBeforeShipping #TheBotsAreNotOkay
10
0
2
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
@rnbwkat@infosec.exchange
·
Feb 26, 2026
Tomorrow at 1PM at BSidesSeattle, come see:
Cloud Misconfigurations: Oh look something fluffy, poke poke poke
(also known as: Permission Granted: How Misconfiguration Became the Breach)
Yes, it starts fluffy.
No, it does not stay fluffy.
I’ll talk about:
- Why most cloud “breaches” don’t require elite attackers
- The Top 10 Ways We Grant Permission
- The Toxic Trilogy in the wild
- And how Policy as Code turns “please don’t” into “not allowed”
If you’ve ever opened a security group “just temporarily”…
This talk is about you!!
1PM. Post-lunch. Bring your coffee. @sashatheflamingo will bring the tequila!!
#CyberSecurity #CloudSecurity #BSidesSeattle #infosec
Cloud Misconfigurations: Oh look something fluffy, poke poke poke
(also known as: Permission Granted: How Misconfiguration Became the Breach)
Yes, it starts fluffy.
No, it does not stay fluffy.
I’ll talk about:
- Why most cloud “breaches” don’t require elite attackers
- The Top 10 Ways We Grant Permission
- The Toxic Trilogy in the wild
- And how Policy as Code turns “please don’t” into “not allowed”
If you’ve ever opened a security group “just temporarily”…
This talk is about you!!
1PM. Post-lunch. Bring your coffee. @sashatheflamingo will bring the tequila!!
#CyberSecurity #CloudSecurity #BSidesSeattle #infosec
2
0
0
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
@rnbwkat@infosec.exchange
·
Dec 08, 2025
BREAKING: Crazy cybersecurity professional and tequila Catadora finally stops TALKING about making YouTube videos and actually... might do it??
If the tech gods smile upon me (and my homelab doesn't spontaneously combust), I'll be dropping my first homelab video over the holidays!
Expect: questionable cable management, enthusiastic hand gestures, some really good tequila and way too much detail about things that probably don't matter but I'm excited about anyway!!
Special thanks to my production assistant @sashatheflamingo who will undoubtedly steal the show and contribute more technical expertise than any flamingo should!! 🦩
Stay tuned. Or don't. But like, please do. The imposter syndrome is REAL!!!
#Cybersecurity #homelab #honeypot #infosec #firsttimeyoutuber
If the tech gods smile upon me (and my homelab doesn't spontaneously combust), I'll be dropping my first homelab video over the holidays!
Expect: questionable cable management, enthusiastic hand gestures, some really good tequila and way too much detail about things that probably don't matter but I'm excited about anyway!!
Special thanks to my production assistant @sashatheflamingo who will undoubtedly steal the show and contribute more technical expertise than any flamingo should!! 🦩
Stay tuned. Or don't. But like, please do. The imposter syndrome is REAL!!!
#Cybersecurity #homelab #honeypot #infosec #firsttimeyoutuber
4
0
2
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
@rnbwkat@infosec.exchange
·
Sep 28, 2025
What. A. Day.
Yesterday at BSidesNewcastle I started out working check-in for the first three hours, happily scanning badges and saying hi to everyone rolling in. Easy start, right? Except… at 10am, one of the other organizers casually asks, “Are you ready for your 12:30?”
Wait. My WHAT?! 😳
Apparently, I was scheduled to give my brand-new talk “Going Solo: Thriving as a Single Professional in Cybersecurity” at 12:30. No slides. No deck. No practice run. Cue me checking people in while feverishly building a presentation on my laptop. By 11:30 I had something stitched together, plugged in at 12:30 sharp, and… walked into a PACKED room. People sitting on the floor. No one left. I got emotional a few times, but at the end, so many came up to thank me. Honestly? It was overwhelming in the best way.
Then at 5pm, I closed out the day with my scheduled locknote on Cloud Misconfigurations. Smooth, fun, and the perfect way to wrap up.
BSides Newcastle—thank you. For the friends, the hugs, the chaos, the love, and the reminder that sometimes the best talks are the ones you didn’t know you were giving. 🦩
And @sashatheflamingo had an amazing day, giving out new stickers, making new friends and giving away baby flamingos at the end. She of course is the rock star, I'm just her handler.
#BSidesNewcastle #BSidesNCL #BSidesChicago #FlamingoUprising #CyberSecurity
Yesterday at BSidesNewcastle I started out working check-in for the first three hours, happily scanning badges and saying hi to everyone rolling in. Easy start, right? Except… at 10am, one of the other organizers casually asks, “Are you ready for your 12:30?”
Wait. My WHAT?! 😳
Apparently, I was scheduled to give my brand-new talk “Going Solo: Thriving as a Single Professional in Cybersecurity” at 12:30. No slides. No deck. No practice run. Cue me checking people in while feverishly building a presentation on my laptop. By 11:30 I had something stitched together, plugged in at 12:30 sharp, and… walked into a PACKED room. People sitting on the floor. No one left. I got emotional a few times, but at the end, so many came up to thank me. Honestly? It was overwhelming in the best way.
Then at 5pm, I closed out the day with my scheduled locknote on Cloud Misconfigurations. Smooth, fun, and the perfect way to wrap up.
BSides Newcastle—thank you. For the friends, the hugs, the chaos, the love, and the reminder that sometimes the best talks are the ones you didn’t know you were giving. 🦩
And @sashatheflamingo had an amazing day, giving out new stickers, making new friends and giving away baby flamingos at the end. She of course is the rock star, I'm just her handler.
#BSidesNewcastle #BSidesNCL #BSidesChicago #FlamingoUprising #CyberSecurity
8
0
1
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
ʇɐʞlᴉʌƎ 🇺🇦🌈 is rnbwkat
@rnbwkat@infosec.exchange
Drummer, hacker, defender against rogue IoT (especially toasters), Skydiver, photographer, lover of fine tequilas, honeypots & Dancing Flamingos. BsidesChicago Lead (bsideschicago@infosec.exchange) Views are my own, She/Her
infosec.exchange
@rnbwkat@infosec.exchange
·
Aug 25, 2025
🚨 It’s here: the BSidesChicago 2025 Workshops lineup! 🚨
From full-day pro trainings to community-powered hands-on sessions, our Workshop Day (Fri, Oct 31) is going to be an absolute blast. 💻🔧
👉 Browse the full lineup now: bsideschicago.org/workshops
⚠️ Each workshop has separate pricing + registration, and seats are limited. Registration will open Wednesday, Aug 27th, 13:30 CDT!!
#BSidesChicago #FlamingoUprising #CyberSecurity @bsideschicago
From full-day pro trainings to community-powered hands-on sessions, our Workshop Day (Fri, Oct 31) is going to be an absolute blast. 💻🔧
👉 Browse the full lineup now: bsideschicago.org/workshops
⚠️ Each workshop has separate pricing + registration, and seats are limited. Registration will open Wednesday, Aug 27th, 13:30 CDT!!
#BSidesChicago #FlamingoUprising #CyberSecurity @bsideschicago
2
0
2