author    Tyler St. Onge <tylertstonge@gmail.com>  2020-07-18 15:29:40 -0400
committer Tyler St. Onge <tylertstonge@gmail.com>  2020-07-18 15:29:40 -0400
commit    4f5398a1cae656d8c5e1ba1ec8d8e6f08bfe4df8 (patch)
tree      81cdafbe669da3f087978981c121562c5d424c28
parent    751722f0425087c0aeafa1769b2a29ec755cb53d (diff)
update grammar on post
-rw-r--r--  source/_posts/2020-07-18-operation-honeypot-01-ftp-recon.md  26
1 file changed, 13 insertions, 13 deletions
diff --git a/source/_posts/2020-07-18-operation-honeypot-01-ftp-recon.md b/source/_posts/2020-07-18-operation-honeypot-01-ftp-recon.md
index 048ef02..727ed91 100644
--- a/source/_posts/2020-07-18-operation-honeypot-01-ftp-recon.md
+++ b/source/_posts/2020-07-18-operation-honeypot-01-ftp-recon.md
@@ -6,9 +6,9 @@ tags: security
## Pre-post Drivel
-This is the obligatory part of this post where I say, "wow, I have not posted for awhile, I'm going to do better" but in reality I program 8+ hours a day and a lot of times when I get home I'd much rather do something around the house or more creative. However, I do feel that having a good project I can incrementally work on that flexes some of the programming muscles I don't get to use in my day job will be immensely helpful to my development as a software engineer.
+This is the obligatory part of this post where I say, "wow, I haven't posted for a while, I'm going to do better" but in reality, I program 8+ hours a day and a lot of times when I get home I'd much rather get some time away from the computer. However, I do feel that having a good project I can slowly work on in my free time with some technologies I don't normally use could be fun and help expand my skillset.
-So, to pick something that interests me and will keep me occupied for awhile? I have always been interested in the security side of programming, and what better way to really understand cutting edge security than making something that's very purpose is to see what people (mostly bots) are currently doing to exploit cloud applications. I am planning to implement most of this in Scala, which I do not use very often, so feel free to email me if you see some real rookie mistakes.
+I have always been interested in the security side of programming, and what better way to understand cutting edge security than to make something that's very purpose is to see what people (mostly bots) are currently doing to exploit cloud applications. I am planning to implement most of this in Scala, which I do not use very often, so feel free to email me if you see some real rookie mistakes.
## What is a Honeypot anyway?
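Review bot: the rewritten second paragraph still carries the grammatical error this commit set out to fix: "something that's very purpose is to see" should be "something whose very purpose is to see". While here, "cutting edge security" is a compound modifier and reads better as "cutting-edge security".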
@@ -18,23 +18,23 @@ So, to pick something that interests me and will keep me occupied for awhile? I
> 1. a container in which honey is kept.
> "an earthenware honeypot"
-Well, not *that* kind of honeypot..
+Well, not *that* kind of honeypot...
-The one I am talking about is a server which mimics real applications in hopes of catching someone attempting to exploit it and documenting the different methods they are using. There are plenty of open-source tools which accomplish this now and you can do something as simple as open [Netcat](http://netcat.sourceforge.net/) on port 80 and see what files people are requesting from your "web server".
+The one I am talking about is a server that mimics real applications in hopes of catching someone attempting to exploit it and logging the different methods that are used. There are plenty of open-source tools that accomplish this now and you can do something as simple as open [Netcat](http://netcat.sourceforge.net/) on port 80 and see what files a hacker is requesting from your "webserver".
-That really is, at its core, what a honeypot is. Obviously, things get more complicated. You want to make sure your system does not actually get hacked and you want to build complexity so that attackers can think they are interacting with the system while you record their every move. If they are trying to leverage a command or query a file you do not have, they'll probably just move onto another target and you'll miss out on discovering what their technique really was.
+That is, at its core, what a honeypot is. Obviously, things can get more complicated. You will want to make sure your system doesn't get hacked and you want your fake application to have complex enough features so a hacker is tricked into thinking they're exploiting a real system and that they're getting the expected results back. If they are trying to leverage a command or query a file you do not have or support, they'll probably just move onto another target and you'll miss out on discovering what their technique was.
---
## First Act - The Trap
-So now the question arises, "Which protocol should we mimic to entice attackers?" Well, at first I thought a simple web server would suffice, but that is really open-ended, what would the web page look like? How many endpoints am I going to allow? How do you reply to a request for each endpoint? To get the most attackers it makes sense to mimic popular web frameworks, but then which ones? Wordpress? This seems like something for another day, but what about FTP?
+So now the question arises, "which protocol should we mimic to entice attackers?" Well, at first I thought a simple web server would suffice, but that is open-ended. What would the web page look like? How many endpoints am I going to allow? How do you reply to a request for each endpoint? To get the most attackers it makes sense to mimic popular web frameworks, but then which ones? WordPress? This seems like something for another day, but what about FTP?
-The [File Transfer Protocol](https://en.wikipedia.org/wiki/File_Transfer_Protocol) is fairly simple, and has the potential to collect binaries from attackers that can later be analyzed. It's safe to assume that a bot could be attempting to login using the "anonymous" user, and upload binaries to the server. Or possibly just pull credential files from an unsecured FTP server. So really the main things we will need to implement would be file send/receive, and we can probably ignore (for now) most of the other modes and more advanced features which are also supported by different FTP servers.
+The [File Transfer Protocol](https://en.wikipedia.org/wiki/File_Transfer_Protocol) is fairly simple and has the potential to collect binaries from attackers that can later be analyzed. We only need to support sending and receiving functionality, and we can probably ignore (for now) most of the other modes and more advanced features which are also supported by different FTP servers.
### FTP Primer
-We must become familiar with how an FTP server works before we are able to become the FTP server, or whatever Sun Tzu said. So let's find a public FTP server to connect to (you can stand up your own, but their are already configured ones online so why waste the effort?), one such server is `speedtest.tele2.net`. You can try using the `ftp` command which is probably pre-installed on you OS of choice, and see how that works. There is a very good [article on Wired](https://www.wired.com/2010/02/ftp_for_beginners/) that offers a primer on FTP that I would recommend if you aren't too familiar with the protocol.
+We must know how an FTP server works before we can become the FTP server, or whatever Sun Tzu said. So let's find a public FTP server to connect to (you can stand up your own, but there are already configured ones online so why waste the effort?), one such server is `speedtest.tele2.net`. You can try using the `ftp` command which is probably pre-installed on your OS of choice, and see how that works. There is a very good [article on Wired](https://www.wired.com/2010/02/ftp_for_beginners/) that offers a primer on FTP that I would recommend if you aren't too familiar with the protocol.
But we must venture deeper into the inner workings of FTP, so let's gloss over [RFC 959](https://tools.ietf.org/html/rfc959), maybe [RFC 1635](https://tools.ietf.org/html/rfc1635), and attempt to utilize the protocol by hand. I will connect to port 21 (the default for FTP) using Netcat and issue the commands myself.
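Review bot: two comma splices survive the rewrite in this hunk. In the FTP Primer paragraph, "...so why waste the effort?), one such server is `speedtest.tele2.net`." should break after the parenthesis: "...so why waste the effort?). One such server is `speedtest.tele2.net`." In the honeypot paragraph, "move onto another target" should be "move on to another target". The cut in the File Transfer Protocol paragraph is worth a second look: the removed sentence about bots logging in as "anonymous" to upload binaries or pull credential files was the only place the post explained why anonymous login and file send/receive are the features worth mimicking; the new "We only need to support sending and receiving functionality" states the scope without that reasoning, and the walkthrough in the next hunk leans on the anonymous login. Consider keeping a shortened form of it. Not part of this change, but visible in the unchanged context line: "gloss over RFC 959" means to pass over it lightly, which is the opposite of what "attempt to utilize the protocol by hand" suggests; "skim" is probably the intended word.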
@@ -60,17 +60,17 @@ QUIT
221 Goodbye.
```
-So what's actually happening,
+So what's happening,
- - -
- ME: Open the socket using Netcat.
- SERVER: Replies with the version information and code 220
- According to [RFC 959](https://tools.ietf.org/html/rfc959) "220" means "Service ready for new user."
- ME: USER anonymous
- - We say we want to login as the "anonymous" user, which is default for a user with no account.
+ - We say we want to login as the "anonymous" user, which is the default for a user with no account.
- SERVER: 331 Please specify password
- ME: PASS password
- - Since we are using the "anonymous" account, all password will be accepted, usually you use your email address.
+ - Since we are using the "anonymous" account, all passwords will be accepted, usually, you use your email address.
- SERVER: 230 Login successful
- ME: PWD
- This is just querying where on the server we currently are.
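Review bot: the PASS bullet is still a run-on, and the added comma after "usually" makes it worse: "all passwords will be accepted, usually, you use your email address." Suggest "any password will be accepted; by convention you supply your email address." Two bullets up, "login" is used as a verb ("we want to login as the "anonymous" user"); the verb form is "log in". Minor: since the post cites RFC 1635 just above, "the guest account described in RFC 1635" would be more precise than "the default for a user with no account".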
@@ -83,7 +83,7 @@ The biggest thing to realize is that it is mostly the numbers that each reply st
### Advanced FTP
-There's one last bit of functionality we will need to add in order to properly mimic an FTP server, and that is data transfer. The previous interaction with the server consisted of only interacting with the control port, to do data transfer we either have to listen on a separate port and tell the server to connect to us (active mode), or tell the ftp server to listen on another port and we will connect to that (passive mode). Passive mode is much more common, however I will demonstrate using an active connection.
+There's one last bit of functionality we will need to add to properly mimic an FTP server, and that is data transfer. The previous interaction with the server consisted of only interacting with the control port, to do data transfer we either have to listen on a separate port and tell the server to connect to us (active mode) or tell the FTP server to listen on another port and we will connect to that (passive mode). Passive mode is much more common, however, I will demonstrate using an active connection.
```console
dropkick@lugh:~$ nc speedtest.tele2.net 21
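Review bot: the comma splice in the first sentence was not fixed: "consisted of only interacting with the control port, to do data transfer we either have to..." should be split into two sentences at "control port. To do data transfer...". Likewise "Passive mode is much more common, however, I will demonstrate..." needs a semicolon or a full stop before "however". Since this paragraph is where readers who will implement both modes learn the difference, one clause on why passive is more common would help: per the description here, active mode requires the client rather than the server to accept an inbound connection, which fails for clients behind NAT or a firewall, and that is also why the honeypot has to support both.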
@@ -127,7 +127,7 @@ dropkick@lugh:~$ nc -l -p 7333
drwxr-xr-x 2 103 105 65536 Jul 18 19:46 upload
```
-As you can see, the data was transferred successfully. This could have been a file and it would have worked similarly. If this was a passive connection we would have instead issued the `PASV` command to the server in the first terminal and it would have replied with a similarly formatted address which we would have connected to in the second terminal. For our honeypot, we will have to implement both of these modes in order to maximize our ability to receive malicious files.
+As you can see, the data was transferred successfully. This could have been a file and it would have worked similarly. If this was a passive connection we would have instead issued the `PASV` command to the server in the first terminal and it would have replied with a similarly formatted address which we would have connected to in the second terminal. For our honeypot, we will have to implement both of these modes to maximize our ability to receive malicious files.
### Until next time
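Review bot: "If this was a passive connection" is a counterfactual and should be "If this were a passive connection" (the rest of the sentence is already in "would have" form). One caveat worth a line in the closing sentence: in active mode, as described in this section, the server connects out to whatever address and port the client names, so when the honeypot implements that mode the address is attacker-supplied. The post should note that the implementation must only connect back to the peer of the control connection; otherwise the honeypot can be used to open connections to third parties on the attacker's behalf.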