Who's Knocking on Your Door? An Analysis of Exposed Services and Their Risks
ID: badb8397-556b-54e7-9393-336d38185523
STIX ID: report--badb8397-556b-54e7-9393-336d38185523
Feed Name: Censys Blog
Date Published: 2025-11-07
Date Updated: 2026-04-27
Author: Jean Pierre Ruiz Ocampo; Jonas Gyllenhammar
This report analyzes automated internet scanning and exploitation of exposed services, showing concrete examples: SSH brute-force intrusions that install persistent keys and attempt environment fingerprinting, HTTP/HTTPS command-injection and remote code execution probes that stage Mirai-style ELF droppers, and out-of-band (OAST) blind-RCE tests via Java expression injection. The document includes observed IoCs (source and infrastructure IPs, malicious request patterns and payload URLs), measurements of time-to-first-probe, and a prioritized incident response and long-term mitigation plan (blocklists, hardening SSH/web apps, WAF tuning, egress restrictions, and continuous ASM).
