[Dailydave] Honeypots, 0days, Pickles.

Dave Aitel dave at immunityinc.com
Thu Oct 18 14:47:16 EDT 2012


No doubt you also find the constant PR push from CrowdStrike confusing.
What in blazes are they talking about when they talk about "going after
intruders" and "being offensive"? Surely they're not thinking your local
bank is going to literally hack the Russian mobsters behind RBN? Their
website talks about denial and deception, but these are not typically
"offensive" techniques. What is "hostile target dismantling"?

As I guess the subject line hints at, my guess is that they're building
a honeypot. Or rather, honey-network. If you instrument Windows properly
and manage to detect a rogue process, you could theoretically
hot-migrate it over to a virtual machine with fake data, and then watch
it as the attackers use it and see what they try to exfiltrate. Anything
is possible, right?

It's still mighty confusing when they go to the press constantly and
advocate "offensive" operations which are anything but.

-dave

-- 
INFILTRATE - the world's best offensive information security conference.
April 2013 in Miami Beach
www.infiltratecon.com

