Hello and welcome to the Friday, January 9th, 2026 edition of the Sands Inlet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

And this episode is brought you by the sands.edu undergraduate certificate program in applied cyber security.

Well, one of the challenges that we are always faced with when we're looking at all of our honeypot data is that, well, how do we summarize it?

How do we find patterns in the data?

And of course, there are some great tools to do this.

Today, we do have a blog post by Guy who is talking a little bit about how he's using these

tools in order to analyze Honeypot logs. The tool that Guy is using here is Seffi or Jeffie.

I think that's sort of probably how it's being pronounced.

This tool allows you to essentially visualize relationships.

And what Guy did here was look, for example,

at certain IP addresses that are all uploading the same

binary or binaries with the same file name. That, of course, is a good indicator that these

particular IP addresses are part of a particular botnet. Like one particular attack, a botnet that

the key was looking at here was

a redtail. Of course, you could also look at

what IP addresses they're pulling

these binaries from and the like.

So there are a bunch of relationships like this

that you can look at to better understand

the data. This doesn't just

apply to Honeypots, of course. This also

...