Honeypots mailing list archives
Re: SF new column announcement: Time to Dump IE
From: Patrick Diebold <p.diebold () arcor de>
Date: Wed, 23 Jun 2004 13:53:24 +0200
Hi Ryan, Maybe it's a bit like shooting sparrows with cannons, but "Rational Suite-Testsuite" allows to script the users behaviour - open IE and type url and click buttons etc. The data filled into boxes e.g. can be read from a database (which could contain your URLs) even randomly. You still need a detection mechanism for changes of the system. Probably there are similar Test-Suite that is cheaper? - Patrick Am Mittwoch, 23. Juni 2004 06:08 schrieb Ryan Barnett:
In-Reply-To: <82AEE40F-C087-11D8-A255-000A95B25656 () honeynet org>From: Lance Spitzner <lance () honeynet org> MODERATORS NOTE: What would be interesting is using a 'client' honeypot. Take a clean install of a Win32 system, then have IE on it connect to hundreds of random websites. See if any of the websites makes 'unauthorized' modifications to your 'client' honeypot :)Ahh yes, the HoneyStick idea - http://www.securityfocus.com/archive/119/289303/2004-06-19/2004-06-25/2 Good idea. Anyone have any ideas for automating/randomizing IE to connect to sites? I know that I have been dealing with clients at work who accidently go to websites that have trojans such as Debeski - (http://vil.nai.com/vil/content/v_101057.htm). Once my security team is notified on this type of virus/trojan issues, we use VMware Windows desktops with IE to connect to these same sites and let it infect us to study it. Now the question here is to automate this process and let it act as a spider/robot and let it out on the web to see what sites are doing this type of exploitation... -Ryan
Current thread:
- SF new column announcement: Time to Dump IE Lance Spitzner (Jun 17)
- <Possible follow-ups>
- Re: SF new column announcement: Time to Dump IE Ryan Barnett (Jun 22)
- Re: SF new column announcement: Time to Dump IE Borja Marcos (Jun 23)
- Re: SF new column announcement: Time to Dump IE Patrick Diebold (Jun 23)
- Re: SF new column announcement: Time to Dump IE Nightslave (Jun 24)
- RE: SF new column announcement: Time to Dump IE Andy Streule (Jun 23)