Blog Posts Tagged with "HoneyPot"

Ghost USB Honeypot: Interview with Project Leader Sebastian Poeplau

August 27, 2012 Added by: InfoSec Institute

Ghost is a honeypot for detecting malware that spreads via USB devices. It first tries to emulate a USB thumb drive. If the malware identifies it as a USB thumb drive, it will trick the malware into infecting it. Ghost then looks for write based requests on the drive, which is an indication of a malware...

Honeypots Can Help Safeguard Your Information Systems

July 10, 2012 Added by: Brent Huston

Honeypots are simple technology intended to be compromised. There is little or no production traffic going to or from the device, so any time a connection is sent it is most likely a probe, scan, or an attack. Any time a connection is initiated from the honeypot, this most likely means it was compromised...

Companies Go on the Offensive

June 26, 2012 Added by: Mark Baldwin

Being the victim of an attack is not fun and it is easy to understand why businesses would like to take a more active stance against the attackers. Unfortunately, businesses that go down this path are likely to run into technical and legal problems. Let’s examine some of the possible outcomes...

Free Wi-Fi - Friend or Foe? An Infographic

May 25, 2012 Added by: Fergal Glynn

Did you know that this year the number of Wi-Fi connected devices will exceed the world’s population? This incredible statistic highlights the ubiquitous nature of Wi-Fi. However, the convenience of public Wi-Fi practically everywhere comes at the cost of greater risk to users...

Jihadi Sites Fall Down, Go Boom... Again

April 08, 2012 Added by: Infosec Island Admin

At first I thought that players in the patriot hacker movement may have been involved, but it seems more so now that all points to a concerted action by governments. The hacking of the sites likely was done via bad installs of PHP and SQL on the boxes that the databases resided on...

How They Do IT: Spam Filters

February 08, 2012 Added by: Alan Woodward

The current volumes of spam email are extraordinary. Between 70% and 80% of all email sent are spam. As none of the current methods described here are completely effective, there is still scope for much further research in this area...

Snort and SCADA Protocol Checks

January 25, 2012 Added by: Brent Huston

There are a wide variety of open source tools that can be leveraged around Snort, making it a powerful approach to visibility. Having people in the industry who know how the systems Snort work allows for better development of signatures for nefarious issues...

Paper Frames Debate on Big Brother in Critical Infrastructure

September 08, 2011 Added by: Chris Blask

The three scenarios exercise the legal issues of government access to information of increasing depth. The first two speak to capabilities that should be further developed - honeynets and continuous monitoring - while the third scenario in part touches on workforce development...

Learning USB Lessons the Hard Way

April 20, 2011 Added by: Brent Huston

Our inspection revealed a job in the scheduler set to kick off on Saturdays at 5am and launch this particular malware component which appeared to be designed to grab the cookies from the browser and some credentials from the system and users then throw them out to the host in China...

Utilizing Forensics and Honeypots for VoIP Security

February 24, 2011 Added by: J. Oquendo

It's a game of sorting out what possible accounts exist on a machine, and which accounts can have a dictionary attack launched against them. The vast majority of attackers will use yet another SIPVicious tool called svcrack against a machine they've scanned and constructed an account list for...

Why Fail2Ban Can Fail With VoIP

January 26, 2011 Added by: J. Oquendo

So an attacker launched a scan, who cares, it happens and even if I outright blacklist him, odds are, he is on a throwaway address or compromised host. Nevertheless he scans. At some point in time, he WILL come across the honeypot I left in plain sight for him...

Project Honeypot HTTP Blocklist Module

December 29, 2010 Added by: Rob Fuller

Project Honeypot does an amazing job at keeping detailed information on scanners / harvesters and brute forcers, the likes of which are the daily enemy of said admins. They offer a service called HTTP Block List or 'HTTP:BL'...
