The network for creativity
Join 1.25M professional creatives like you
Connect with clients, get discovered, and run your business 100% commission-free
Creatives on Contra have earned over $150M and we are just getting started
Back to feedPost
SSH Brute-Force Attack Detection & Analysis (Wazuh SIEM)
This expands on a previously shared overview of this investigation. Here’s the full breakdown of how I approached it from a SOC perspective.
I recently simulated a controlled SSH brute-force attack on a Windows endpoint monitored through Wazuh SIEM to study how authentication attacks appear in real log data and how they can be detected through correlation.
The goal wasn’t just to “run a lab,” but to actually understand how SOC teams identify abnormal login behavior in noisy authentication logs.
🧪 What the scenario looked like
I set up a simple attack flow that included:
- Basic network discovery to identify the SSH service
- A low-volume dictionary brute-force attempt using a small password set (9 tries via Hydra)
- Authentication attempts against Windows OpenSSH
This was intentionally kept low-noise to mimic a more realistic targeted attack rather than a noisy brute-force flood.
🔍 What stood out in the logs
While analyzing Windows Security Event Logs through Wazuh, I focused on authentication patterns and immediately saw:
- Repeated Event ID 4625 (failed logins)
- Followed by a single Event ID 4624 (successful login)
- Logon Types showing network-based access patterns (Type 8 → Type 3 transition)
What made it interesting wasn’t just the events themselves — it was the pattern between them.
A clean failure → success transition is often one of the strongest brute-force indicators in real SOC environments.
⚠️ Key observation
Even though this was a small 9-attempt simulation, it still produced a clear detection signal.
The pattern showed:
- Consistent failed authentication attempts
- No prior successful baseline activity for that user context
- A sudden successful login immediately after repeated failures
That combination is exactly what SOC analysts look for in brute-force detection scenarios.
🧠 What I learned from this
This exercise helped reinforce how authentication attacks can be detected even when they’re low-volume and not noisy.
More importantly, it showed how much value comes from simple correlation:
failed logins → timing → eventual success.
That’s often enough to flag a real brute-force attempt in a SOC pipeline.
🛡️ MITRE ATT&CK mapping
T1110 – Brute Force
T1078 – Valid Accounts
T1046 – Network Service Discovery
📌 Full breakdown
I’ve documented the full technical workflow, logs, and setup here:
The network for creativity
Join 1.25M professional creatives like you
Connect with clients, get discovered, and run your business 100% commission-free
Creatives on Contra have earned over $150M and we are just getting started
Related posts
Workflow Quest - An Instrument for Independents.
The Problem
Independent creators and freelancers are overwhelmed by Tool Sprawl, Dashboard Fatigue, and AI Anxiety. Late-night questions like “Am I using the right stack?” or “Is my workflow future-proof?” go unanswered because traditional audits feel like soul-crushing admin work.
The Solution
Workflow Quest transforms dry workflow auditing into a ritualistic, joyful performance — like playing a synthesizer with your operational DNA.
I designed and prototyped a fully interactive, skeuomorphic instrument inside Figma that mimics a high-end Roland JD-Xi hardware unit: desaturated dark wood chassis, physical button depth, glowing indicator LEDs, CRT screen with authentic scanlines, and Web Audio feedback.
How it works
BOOT - Power on with the big red ENGAGE button.
ROLE - Choose your primary operating profile (Designer, Developer, Founder, Marketer, Creator, Hybrid).
SEQUENCE - Build your stack by tapping up to 16 tools from categorized grids with live search. Real-time strand counter and cap enforcement.
CALC - Hit launch and watch the kernel processing sequence with a 140 BPM audio build-up.
RESULTS - Receive your Human Workflow Index (HWI), matched archetype (e.g. Digital Craftsman, Velocity Operator), estimated hourly rate (realistic & capped), and full verified tool stack.
Action Bento - Export/Share, post directly to Discord community, view Leaderboard, get personalized “Missing Strand” suggestions, market-demand insights, AI prompt copy, and leveling tips.
Standout Details Built in Figma
Complete 6-state machine with smooth transitions
Responsive mobile-first layout with locked rows for neurodivergent clarity
Interactive tool sequencer with synergy potential and hard 16-strand limit
Real-time terminal readouts and compiler-style processing log
Beautiful shareable Datacard output (example attached)
Integrated Discord community button for instant sharing & connection
Insight panels that teach optimization and combat AI anxiety
Why this matters
It turns your tool collection from a chaotic list into a visible extension of your craft and identity. It rewards intentional stacks, proves human + AI leverage, and gives creators a prestigious badge they actually want to share.
Live Prototype: https://workflow-quest.figma.site
Figma Community: https://www.figma.com/community/file/1649685026382544146/workflow-quest-an-instrument-for-independents
X Post: https://x.com/mdrafat007/status/2067863323270684849?s=20
Linkedin: https://www.linkedin.com/posts/mdrafat_mohammad-rafat-mdrafat007-on-x-activity-7473629527621939201-W8jM?utm_source=share&utm_medium=member_desktop&rcm=ACoAAA2IV08BNAmBNxKdKo9nZ14s-Y0ftTR1gYs
This project is a love letter to independent builders - blending hardware nostalgia, gamification, digital wellness, and career leverage into one addictive instrument. It’s production-ready in spirit and deeply fun to use.
Extremely open to feedback from the judges and Figma community. If it resonates, I’d be thrilled to see it out in the wild helping other independents.
Built For Independents, Built For You 🔥
#ConfigMakeathon #Figma #Skeuomorphism #WorkflowDesign #CreatorEconomy #IndieHacking
Excellent work brother. 😍
Today is great, as I am able to share another free resource with the community. Meet Wavix - GSAP-powered Webflow Landing page template for Startups looking to launch their AI tool.
Check out the preview or grab it now at - https://www.tomsweb.site/templates/wavix
Hope it's useful and have a nice weekend, y'all! 🙌
DEPARTMENT OF HUMAN VERIFICATION 🗳️
warning: for full experience do the test in the link above, before reading or watching explanation below. No data is stored.
--
I worked in digital privacy for years, and it was hard because the issues are invisible, - you don't feel or see your privacy being violated. That's part of the trick.
Every CAPTCHA watches how you move - your hesitation, your timing, the way your cursor drifts. It just never tells you. This is the same checkpoint except with a narrator. I wanted to make the invisible visible, - just how much data we give away unknowingly.
But surprising to me - looking at the data - it turned out to be really about the thing everyone's panicking about. Am I going to be replaced with ai? The data, after comparing it to ai, turned out to be proof of how important humans are.
Ai needs our hesitation, our failing smiles, the unauthorized blinks, and it can't produce a single one of them on its own. The machine fails this test by being perfect. A human passes it by being, well, human.
--
Built in Figma Make, imagery in Weave, facial detection via MediaPipe - runs entirely in your browser, keeps nothing.
This was a fun proof that artists can execute their ideas fast, with the tools available. The idea took me almost week. I made the website in one afternoon.
Thank you to my friends that tested it out and recorded their first reactions so I can use them in the video 📼
Links: Figma Community, LinkedIn, TikTok.
A deep-dive on making this coming on my Substack next days.
Nice work as usual
Trending
Claude
Claude has entered the design space. How are you using Claude Design?
Contra University
Learn from expert creatives how to earn more using next-gen AI tools.
MagicPath
The canvas is infinite, and exploration is becoming the workflow. How are you using MagicPath?
creativeaiflow
Creative AI workflows are evolving. What tools do you use, and what are their strengths and weaknesses?
freelancerlife
Freelancer life is wins, pivots, and everything in between. What’s yours right now?