Blog Posts Tagged with "HoneyPot"


Ghost USB Honeypot: Interview with Project Leader Sebastian Poeplau

August 27, 2012 Added by:InfoSec Institute

Ghost is a honeypot for detecting malware that spreads via USB devices. It first tries to emulate a USB thumb drive. If the malware identifies it as a USB thumb drive, it will trick the malware into infecting it. Ghost then looks for write based requests on the drive, which is an indication of a malware...

Comments  (1)


Honeypots Can Help Safeguard Your Information Systems

July 10, 2012 Added by:Brent Huston

Honeypots are simple technology intended to be compromised. There is little or no production traffic going to or from the device, so any time a connection is sent it is most likely a probe, scan, or an attack. Any time a connection is initiated from the honeypot, this most likely means it was compromised...

Comments  (0)


Companies Go on the Offensive

June 26, 2012 Added by:Mark Baldwin

Being the victim of an attack is not fun and it is easy to understand why businesses would like to take a more active stance against the attackers. Unfortunately, businesses that go down this path are likely to run into technical and legal problems. Let’s examine some of the possible outcomes...

Comments  (0)


Free Wi-Fi - Friend or Foe? An Infographic

May 25, 2012 Added by:Fergal Glynn

Did you know that this year the number of Wi-Fi connected devices will exceed the world’s population? This incredible statistic highlights the ubiquitous nature of Wi-Fi. However, the convenience of public Wi-Fi practically everywhere comes at the cost of greater risk to users...

Comments  (0)


Jihadi Sites Fall Down, Go Boom... Again

April 08, 2012 Added by:Infosec Island Admin

At first I thought that players in the patriot hacker movement may have been involved, but it seems more so now that all points to a concerted action by governments. The hacking of the sites likely was done via bad installs of PHP and SQL on the boxes that the databases resided on...

Comments  (0)


How They Do IT: Spam Filters

February 08, 2012 Added by:Alan Woodward

The current volumes of spam email are extraordinary. Between 70% and 80% of all email sent are spam. As none of the current methods described here are completely effective, there is still scope for much further research in this area...

Comments  (0)


Snort and SCADA Protocol Checks

January 25, 2012 Added by:Brent Huston

There are a wide variety of open source tools that can be leveraged around Snort, making it a powerful approach to visibility. Having people in the industry who know how the systems Snort work allows for better development of signatures for nefarious issues...

Comments  (0)


Paper Frames Debate on Big Brother in Critical Infrastructure

September 08, 2011 Added by:Chris Blask

The three scenarios exercise the legal issues of government access to information of increasing depth. The first two speak to capabilities that should be further developed -honeynets and continuous monitoring - while the third scenario in part touches on workforce development...

Comments  (1)


Learning USB Lessons the Hard Way

April 20, 2011 Added by:Brent Huston

Our inspection revealed a job in the scheduler set to kick off on Saturdays at 5am and launch this particular malware component which appeared to be designed to grab the cookies from the browser and some credentials from the system and users then throw them out to the host in China...

Comments  (1)


Utilizing Forensics and Honeypots for VoIP Security

February 24, 2011 Added by:J. Oquendo

It's a game of sorting out what possible accounts exist on a machine, and which accounts can have a dictionary attack launched against them. The vast majority of attackers will use yet another SIPVicious tool called svcrack against a machine they've scanned and constructed an account list for...

Comments  (0)


Why Fail2Ban Can Fail With VoIP

January 26, 2011 Added by:J. Oquendo

So an attacker launched a scan, who cares, it happens and even if I outright blacklist him, odds are, he is on a throwaway address or compromised host. Nevertheless he scans. At some point in time, he WILL come across the honeypot I left in plain sight for him...

Comments  (0)


Project Honeypot HTTP Blocklist Module

December 29, 2010 Added by:Rob Fuller

Project Honeypot does an amazing job at keeping detailed information on scanners / harvesters and brute forcers, the likes of which are the daily enemy of said admins. They offer a service called HTTP Block List or 'HTTP:BL'...

Comments  (0)