Dailydave mailing list archives
Honeypots, 0days, Pickles.
From: Dave Aitel <dave () immunityinc com>
Date: Thu, 18 Oct 2012 14:47:16 -0400
No doubt you also find the constant PR push from CrowdStrike confusing. What in blazes are they talking about when they talk about "going after intruders" and "being offensive"? Surely they're not thinking your local bank is going to literally hack the Russian mobsters behind RBN? Their website talks about denial and deception, but these are not typically "offensive" techniques. What is "hostile target dismantling"?

As I guess the subject line hints at, my guess is that they're building a honeypot. Or rather, honey-network. If you instrument Windows properly and manage to detect a rogue process, you could theoretically hot-migrate it over to a virtual machine with fake data, and then watch it as the attackers use it and see what they try to exfiltrate. Anything is possible, right?

It's still mighty confusing when they go to the press constantly and advocate "offensive" operations which are anything but.

-dave

--
INFILTRATE - the world's best offensive information security conference.
April 2013 in Miami Beach
www.infiltratecon.com