Reads: "getting started with, your own darknet".
A buddy of mine and I were talking one day about businesses. Working with them, partnering with them, and more importantly .. starting them. There's a famous saying, "ideas are a dime a dozen, everyone's got one and none of them are of any value". Finally, after years of watching fad's come and go- I get it. Something like 90% of new businesses fail in the first few years, not because their ideas were bad, but because of three things- market timing, money and execution.
Of those three things, you can probably only control one or two of them, execution and money. Execution is a combination of your drive and endurance, it's how you handle the grind if your market timing is, well.. off. If your idea is solid, but you're early- you could spend YEARS (decades?) on something before the market for that service or product is really well defined. If you're able control costs, realize enough profit to keep the lights on each day until the market becomes defined, as the saying goes.. you might outrun the bear. If you get distracted by things that, while good intentioned may not turn a profit TODAY- the bear will probably out run you (and treat you as a tasty snack).
Which brings us to Money.
Some of us (most of us?) live in places where money is relatively expensive. We can probably control execution fairly well (albeit with the occasional side hustle to help keep the lights on), but for the most part, failure is typically a result of not staying profitable enough to either out run the bear- or our fascination with ... oooh shiny. We "trade to big", with an ego about our idea that burns through what capital we have thinking "people will BEND OVER BACKWARDS to give us money!". We put up cash for lots of infrastructure, we spend countless hours on getting the "AI" models "just right" and we spend months on a billing system just to have flip the lights on [at the end of this process] and have zero customers show up. I know- because i've been through all this before. It's a painful life lesson about 'minimum viable products' or "MVPs" (eg: sometimes, something as simple as HTML + PayPalButton == $$$).
I started my first consulting business in ~2008. I had been bashing an idea around in my head about how neat it would be to write a framework, that parsed all the feeds, into a common format.. so I could shove those indicators into an IDS- and thus- work less. Turns out- I spent LITERALLY THE NEXT 10 YEARS FLESHING OUT THAT IDEA, at-least enough so it kinda sorta matched the vision in my head back in 2008. So what did I do to start this company? We pitched the idea to a bunch of friends in higher ed, which found some spare change floating around, I ran down to our local county offices, spent $40 and filed the name "Barely3am", signed a contract and we were off to the races. No logo, no legal team just a simple business registration and a semi-professional looking email address (an idea I may- or may-not have stolen from XKCD). That simple process LITERALLY helped fund the next 10 years of this vision I had. It wasn't until ~2014 that the broader market really started identifying that there was a real market need for "consuming, combining and sharing threat intel" at scale, and really that didn't start maturing until maybe late 2015 (eg: when you could really start making serious money around the idea).
There are lots of side-tangents to this story- but the gist of it boils down to, if you stay small and focus on execution, you have a high likely hood of out running the bear. Of course, the story isn't over yet- but if you buy me a beer sometime, i'll be happy to share more of these as they un-fold, there are some good, there are some really funny bad ones too.
Where are the WoodChucks?
The ideas I fell into nearly ten years ago boil down to a simple fact- my story is no different than most other small businesses. We all have the same struggles, money, time and the most common: 'where do I even start?'. The biggest problem people face, is starting. Everyone thinks: "i'll worry about the business stuff after I figure out my idea" but once the idea is flushed out, they're too burned out to deal with the business stuff. "I'll deal with payments after I deal with the business stuff", which means you never get to do any sort of price discovery around your idea.. is it viable today? or is it going to take 10 years? Traditionally these things have been hard, sure getting a DBA or LLC is relatively easy- but most people get turned off as soon as they start trying to figure out HOW to actually file the ... $99 (or even cheaper if you do it yourself) paperwork? A Logo? "but i'm terrible at photoshop!". Screw it.. my 9-5 grind is OK compared to all THAT effort.. OOOO more reddit!
As my friend and I are sitting there, I start making jokes about how easy it is to get the paperwork out of the way. "It doesn't really matter WHAT you think you're gonna sell, that will change with the market, what matters is that you open the store for business!" (a lesson I learned from staring at Ebay for a few hours one day). Within ~2hours of that conversation, he had a domain name and a logo. He LITERALLY outsourced the logo to some logo-for-hire shop for $25. Shortly there-after, ExplodingWoodchucks was officially born. Whether it succeeds or fails isn't really the point, what matters is most of the administrative overhead is no longer the barrier to entry. They can spend the next 10 years doing price discovery around various aspects of his hobbies with very little overhead (if any). They can stay small and fail fast...
What has CSIRTG enabled them to do?
They prototyped an SSH Honeynet, a darknet and started publishing some of their playbooks. Things like PayPal, Stripe, GoDaddy and Amazon WebServices that drive down the cost of accepting payments, registering brands and running servers. In the security space you need something to not only publish your data, but also write the tools your customers [will] need to actually get and USE your data. You need developers, sysadmins and sales people! (ooof- sales people..). Within a few hours of registering their brand, they were able to actually prototype some ideas to start the next leg of their journey. They didn't have to think about spinning up web-servers, load-balancers or writing custom code (or doc! oof doc..) to make their feeds available to the public. They could tell people- "Here's our darknet, you can start pulling it into your sensors NOW!". It instantly gives them brand recognition and that sense of contribution to the broader "helping to clean up the Internet". It helps them fail fast and figure out the "where do we go from here?", "what's interesting about THIS data that maybe people are willing to pay for?". They could focus on their idea, rather than the commodity things that don't really matter (it's about the data, stupid!).
Now- we all know NOBODY is going to pay for darknet data, not at this scale anyway. Same with SSH scanners, the data is cheap, plentiful and not really that 'secretive'. The bad guys know we have it and the noisy ones don't care. This initial exercise does provide important value though, it enables us to prototype how we MOVE the data and how our customers will make it ACTIONABLE. We're not worried about the data being public, because anyone with an IP from AWS and a t2.nano node can just go get it and do the same thing with it. It gives us a chance to provide value back into the community, while the flexibility to try things in public and fail a few times before we move on to the more valuable data.
Most players in this space fail because they only go after 'the good data' and never try to scale with 'less valuable data', first. They never get a chance to really see both where their infrastructure fails to scale and where the market is- because they're too busy trying to sell the 'really good data'. Should they succeed at this- their infrastructure then nose dives because, well.. they never took any swings in the batting cage with it. They traded too big- and it costs them (in developer hires, sales hires.. equity, etc..).
Remember, I am a trader. I make roughly 3,000 trades a year. I love "markets"... about as much as I love writing code. For me, the most fun I have is when i'm working both of those things, to help YOU run faster. As a threat intel consumer, how much value are you getting for that $10,000 / year feed? As threat intel producer, how much are your developers and sales people cutting into your margins? Are they doing a good job? Do they really have experience as an operator (eg: do they understand your customers)? Do they even know how or why you'd push a threat feed into a Bro cluster? Are you able to accept simple things like PayPal or a credit card? Are your customers able to easily sample your work? Are you both looking for ways to reduce your overhead to stay competitive? Do you have the ability to push threat feeds in realtime? or the necessary tool-sets to help your customers actually USE the data?
.... ExplodingWoodchucks now does.