Confound and Delay:
My Journey into Running a Fake Company for Cyber Deception

(Part 1 – Planting the Trap)

Some ideas hatch out of necessity. Others? Out of sheer curiosity, quality tequila, and just enough boredom to start clicking around where attackers like to skulk. This story? Oh honey, it definitely starts with the latter.

Now, the human I travel with has been knee-deep in cybersecurity long before I ever took my first fabulous flamingo twirl on stage. But somewhere between threat models and dance rehearsals, they got obsessed—not just with what attackers do, but why they do it. The motives, the assumptions, the delightful chaos they leave behind like breadcrumbs in a breach.

But we didn’t want a sterile lab or some sanitized dataset. No ma’am. We wanted real traffic. Messy, unpredictable, live-action nonsense straight from the wild. And let’s be honest: we wanted it to be fun. (Because if you're not enjoying your digital deception campaigns, what are you even doing?)

So we built a company. A totally fake one. Complete with branding, infrastructure, policies, HR portals, and just enough jank to attract the curious and the careless.

And naturally… they brought me, Sasha the Dancing Flamingo, along for the ride. Because no honeypot is truly complete without a little bit of fabulous.

The Premise: What if a Company Was Just a Honeypot in a Business Casual Hoodie?

The idea was deceptively simple: create a small company that looked real enough to be interesting but obscure enough not to raise alarms. A classic “just another startup” profile. No products to ship. No real employees. No funding. Just a web presence, a small digital footprint, and enough exposed infrastructure to make an attacker lean in.

The goal was never to entrap or provoke—but to observe. I wasn’t interested in attacking back or running countermeasures. I just wanted to give the bad actors a stage and see what they did with it.

Building the Infrastructure (Without Breaking the Bank)

Darling, I don’t just dance—I deploy. We’ve got multiple big servers cozied up in real colocation environments (yes, multiple, because even fake companies need “redundancy”). And these became the perfect stage for a digital drama of epic proportions.

Using virtualization magic, we carved out a pretend small business network that looked just real enough to pass the sniff test:

- A flamingo-approved firewall (OPNsense, obviously) with VLANs for delicious network segmentation
- Subnets for Corporate, Dev/Test, IoT, DMZ, and a few mystery zones (because surprises are fabulous)
- Simulated user activity: fake logins, fake file shares, fake email banter—it was like a soap opera, but nerdier
- A placeholder “Coming Soon” website hosted on a totally average registrar
- Then boom, a month later, a full WordPress site launched, with just the right amount of broken links and corporate beige to scream “authentic small biz vibes”

Making It Believable

Now let’s be clear: most honeypots give themselves away faster than a pineapple on pizza at a Sicilian dinner party. But not this one. I believe in tasteful deception.
So we added:

- OSINT breadcrumbs—like subtle GitHub projects that do just enough to imply something’s happening
- A sleepy little mail server that mostly listens, rarely talks, and definitely doesn’t gossip
- A LinkedIn company page with the charisma of a corporate compliance memo
- Plus “employee” profiles that come and go, like interns who forgot their badge
- Internal subnets where imaginary staff quietly “work” on things they never finish

And naturally, I—Sasha the Flamingo—am sprinkled throughout the infrastructure like digital confetti. You’ll find me in log entries, usernames, DNS aliases, and more. Just enough to confuse attackers into wondering if I’m a dev, a bot, or an HR escalation risk.

(Note: All Sasha-themed artifacts have been modified for operational security. I may be chaotic, but I’m not reckless.)

What Happened Next

The moment the infrastructure went live, I began seeing scans. Some generic, some oddly specific. Probes hit my webmail login page. Login attempts flowed in against my fake VPN. And the longer the site stayed up, the more creative the traffic became.

There’s a unique thrill in watching an attacker try to reverse-engineer a fictional company’s IT posture like it’s the final round of a game show called Who Wants to Hack a Mirage?
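One way to separate the "generic" from the "oddly specific" traffic described above is to check failed logins on the decoy webmail and VPN for usernames that exist only as planted artifacts. This is an added example, not the author's tooling; the log format, the decoy usernames, and the IP addresses (documentation ranges) are constructed assumptions.

```python
import re
from collections import defaultdict

# Hypothetical decoy identities, assumed to appear only in planted breadcrumbs.
DECOY_USERS = {"sasha.flamingo", "s.flamingo-dev"}
# Names that generic credential-spraying lists try against any exposed login.
GENERIC_USERS = {"admin", "root", "test", "user", "administrator"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) service=(?P<svc>\S+) src=(?P<src>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>\S+)$"
)

# Constructed sample lines in an assumed key=value format; not real traffic.
SAMPLE_LOG = """\
2025-01-10T02:11:04Z service=vpn src=203.0.113.7 user=admin result=fail
2025-01-10T02:11:05Z service=vpn src=203.0.113.7 user=root result=fail
2025-01-10T02:11:07Z service=webmail src=203.0.113.7 user=test result=fail
2025-01-10T09:42:31Z service=webmail src=198.51.100.23 user=sasha.flamingo result=fail
2025-01-10T09:44:02Z service=vpn src=198.51.100.23 user=Sasha.Flamingo result=fail
2025-01-10T11:00:00Z service=vpn src=192.0.2.50 user=jsmith result=fail
garbage line that does not parse
"""

def classify_sources(log_text):
    """Return {src_ip: {"label", "services", "decoys"}} for every parsed source."""
    seen = defaultdict(lambda: {"users": set(), "services": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the run
        entry = seen[m["src"]]
        entry["users"].add(m["user"].lower())  # compare usernames case-insensitively
        entry["services"].add(m["svc"])
    report = {}
    for src, entry in seen.items():
        decoys = sorted(entry["users"] & DECOY_USERS)
        if decoys:
            label = "targeted"      # name is only learnable from the planted artifacts
        elif entry["users"] <= GENERIC_USERS:
            label = "generic"       # dictionary names sprayed at any login page
        else:
            label = "unclassified"  # unknown names: queue for manual review
        report[src] = {"label": label, "services": sorted(entry["services"]), "decoys": decoys}
    return report

if __name__ == "__main__":
    for src, info in classify_sources(SAMPLE_LOG).items():
        print(src, info)
```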

What’s Next

In the next thrilling installment of "How to Run a Fake Company Without Losing Your Feathers," I’ll show you how I keep my decoy biz looking alive and fabulous. We’re talking automated misconfigurations, deliciously fake login portals, and yes—some poor attacker who actually tried to socially engineer my imaginary HR department. (Spoiler: they were promptly ghosted. HR was at a yoga retreat. Permanently.)

Oh, and don’t get me started on Wazuh. That’s my glitter-covered visibility engine of choice. Logs? Monitored. Weirdness? Detected. Narrative arc? Immaculate. Because this isn’t just threat detection—it’s flamingo-fueled cyber theater, darling.

So fluff those feathers and stay tuned. More antics, absurdity, and analytics coming your way soon. 🦩