I published the following diary on isc.sans.org: “Analyze of a Linux botnet client source code“. I like to play active-defense. Every day, I extract attacker’s IP addresses from my SSH honeypots and perform a quick Nmap scan against them. The goal is to gain more knowledge about the compromised hosts. Most
![SANS ISC](https://blog.rootshell.be/wp-content/uploads/2015/12/isc.jpg)