We’re moving from pets to cattle when it comes to infrastructure. How has the adversary adopted? Given servers are ephemeral, stateless and usually well secured, is brute-forcing still a top priority? This talk will identify brute forcing patterns and timing metrics on fully-patched SSH servers in public clouds. It also comes with a twist: what happens when we give them a hint. Are reconnaissance and attacking tools so automated that they ignore useful information?