The Leanpub 60 Day 100% Happiness Guarantee
Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.
See full terms...

A complete cybersecurity research collection based on real-world attack data, combining multiple studies on attacker behavior, honeypots, malware, botnets and network intrusion analysis
Bought separately
$184
Minimum price
$79.00
$109
About the Bundle
This bundle collects a series of cybersecurity research publications based on real-world attack data analyzed through SSHLab Research monitoring infrastructure.
The included books focus on different aspects of attacker behavior observed in live environments, including SSH brute-force campaigns, Telnet botnet activity, malware delivery mechanisms, multi-service honeypot telemetry, and network-level intrusion detection.
Together, these works form a structured threat intelligence collection that connects individual attack vectors into a broader understanding of adversary behavior across systems.
This is not a bundle of theoretical guides or tutorials. It is a consolidated set of empirical cybersecurity research based on real attack data observed in production environments.
The bundle is intended for cybersecurity practitioners, SOC analysts, threat intelligence researchers, and professionals working with real-world adversary behavior analysis
About the Books
This book is based entirely on real-world SSH attack data collected from live honeypot systems and operational monitoring infrastructure.
It analyzes how automated brute-force campaigns behave in practice — including scanning patterns, credential guessing strategies, and post-compromise activity observed in real attack environments.
This is not a theoretical cybersecurity guide. It does not describe hypothetical scenarios or textbook examples. All findings are derived from actual attacker activity observed in production systems operated by SSHLab Research.
The research focuses on real attack behavior, including:
The data used in this book comes from SSHLab Research monitoring infrastructure, including:
This book is intended for cybersecurity practitioners, SOC analysts, security researchers, and anyone studying real-world network attacks and defensive strategies
This book is based on real-world cybersecurity data collected through OpenCanary honeypot deployments and SSHLab Research monitoring infrastructure.
It focuses on analyzing attacker behavior observed in live environments, including scanning activity, intrusion attempts, and automated exploitation patterns across multiple network services.
This is not a guide on how to deploy or configure honeypots. Instead, it presents empirical findings derived from real adversary activity captured in operational monitoring systems.
The research in this book is based on:
The goal of this book is to provide structured, evidence-based cybersecurity insights derived from real attack data rather than simulated environments.
This book is intended for cybersecurity practitioners, SOC analysts, security researchers, and technical readers working with real-world threat intelligence and attack data
This book is based on real-world cybersecurity data collected through Dionaea honeypot deployments and SSHLab Research monitoring infrastructure.
It focuses on analyzing malware collection activity and exploitation attempts observed in live environments, with emphasis on how attackers deliver payloads and interact with exposed services.
This is not a guide on how to deploy or configure Dionaea honeypots. Instead, it presents empirical findings derived from real malicious activity captured in operational monitoring systems.
The research in this book is based on:
The goal of this book is to provide structured, evidence-based cybersecurity insights derived from real attack data rather than simulated or theoretical scenarios.
This book is intended for cybersecurity practitioners, malware analysts, SOC teams, and security researchers working with real-world threat intelligence and malicious traffic analysis
This book is based on real-world cybersecurity data collected through Telnet honeypot deployments and SSHLab Research monitoring infrastructure.
It focuses on analyzing attacker behavior observed in live Telnet environments, including automated scanning, credential-based attacks, and bot-driven exploitation attempts targeting exposed services.
This is not a guide on how to deploy or configure Telnet honeypots. Instead, it presents empirical findings derived from real adversary activity captured in operational monitoring systems.
The research in this book is based on:
The goal of this book is to provide structured, evidence-based cybersecurity insights derived from real attack data rather than simulated scenarios.
This book is intended for cybersecurity practitioners, SOC analysts, security researchers, and professionals working with network security, botnet analysis, and threat intelligence
This book is based on real-world cybersecurity data collected through Suricata network intrusion detection systems and SSHLab Research monitoring infrastructure.
It focuses on analyzing malicious network traffic observed in live environments, including intrusion attempts, scanning activity, exploit patterns, and protocol-level attack behavior captured at the network layer.
This is not a guide on how to deploy or configure Suricata. Instead, it presents empirical findings derived from real-world network telemetry and attack traffic observed in operational monitoring systems.
The research in this book is based on:
The goal of this book is to provide structured, evidence-based cybersecurity insights derived from real network attack data rather than simulated or lab-based scenarios.
This book is intended for cybersecurity practitioners, SOC analysts, detection engineers, and security researchers working with network security monitoring and threat detection systems
This book is based on real-world cybersecurity data correlation across multiple monitoring systems operated by SSHLab Research, including honeypots, intrusion detection systems, and network telemetry sources.
It focuses on correlating attacker behavior observed across different data sources, including intrusion attempts, scanning activity, malware delivery, and network-level attack patterns.
This is not a theoretical guide or a description of security tools. Instead, it presents empirical findings derived from cross-source analysis of real-world adversary activity.
The research in this book is based on:
The goal of this book is to provide advanced, evidence-based cybersecurity insights by connecting disparate data sources into a unified view of attacker behavior.
This book is intended for experienced cybersecurity practitioners, threat intelligence analysts, detection engineers, and researchers working with multi-source security data correlation
Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.
See full terms...
We pay 80% royalties on purchases of $7.99 or more, and 80% royalties minus a 50 cent flat fee on purchases between $0.99 and $7.98. You earn $8 on a $10 sale, and $16 on a $20 sale. So, if we sell 5000 non-refunded copies of your book for $20, you'll earn $80,000.
(Yes, some authors have already earned much more than that on Leanpub.)
In fact, authors have earned over $15 million writing, publishing and selling on Leanpub.
Learn more about writing on Leanpub
If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).
Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.
Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.
Learn more about Leanpub's ebook formats and where to read them
You can use Leanpub to easily write, publish and sell in-progress and completed ebooks and online courses!
Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks.
Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. (Or, if you are producing your ebook your own way, you can even upload your own PDF and/or EPUB files and then publish with one click!) It really is that easy.