In pt 1 the goal was just to see the spectrum. Plug things in, fix permissions, log a band, stop being intimidated by waterfalls. This one is about turning that into a map of what actually lives in the air around the house. Every place has two RF layers. Stuff that’s always there and stuff that fires when something happens. Once you can tell them apart, the spectrum stops looking like static and starts looking like an inventory. ...
I finally got around to putting a honeypot on the public side of my home connection. I wasn’t trying to catch APTs. I wanted to see what hits a random residential IP when nothing is hiding it. This is a notes post about standing it up, how it’s contained, and what actually showed up in the logs after a month. Why bother Most threat intelligence I read describes the internet as a battlefield. Every unpatched device is five minutes from compromise. Every IP gets 30,000 probes a day. The numbers are usually correct. They aren’t useful unless you can map them to what your environment looks like. ...
I’ve started digging into RF, meaning anything noisy in the air that my SDR can see. This is a quick log of the first sessions using an RTL-SDR (cheap, RX-only) and a HackRF One (wider bandwidth, TX-capable, which stays off outside a legal setup). This isn’t a decoding write-up. The goal for now is observation: watch the spectrum, log activity, and build something useful. The kit RTL-SDR (RTL2832U + R820T): cheap receive, wide community support, good for learning. HackRF One: wider tuning range, bigger bandwidth, better lab potential. Antennas matter more than most people want to admit. A random wire will pick something up, but it’ll also mislead you. ...