add baits to sandbox container #586

jossef · 2023-01-19T10:21:31Z

Suggesting adding baits to lure attackers into interacting such as

ssh keys
environment variables with interesting tokens
browser database files
discord
aws credentials and config
.npmrc

In addition to monitoring the interaction with such files, with the visibility #585 can give, observing such sensitive content being exfiltrated to a C2 server, we can add a label in the report such as "EXFILTRATING_SENSITIVE_INFORMATION"

maxfisher-g · 2023-01-20T05:00:33Z

Awesome suggestion @jossef! This is a really good idea.

maxfisher-g added dynamic analysis Issues specific to the implementation of Dynamic Analysis enhancement New feature or request labels Jan 20, 2023

elainechien self-assigned this May 23, 2023

dukecat0 mentioned this issue May 27, 2023

[pypi] setup.py install based cmdclass not executed #369

Open

elainechien mentioned this issue Oct 11, 2023

Add ssh key pair bait to sandbox #916

Merged

elainechien mentioned this issue Nov 1, 2023

Add environment variable baits #948

Merged

thepwagner mentioned this issue Jun 12, 2024

enhancement: github-actions analysis #1055

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

add baits to sandbox container #586

add baits to sandbox container #586

jossef commented Jan 19, 2023

maxfisher-g commented Jan 20, 2023

add baits to sandbox container #586

add baits to sandbox container #586

Comments

jossef commented Jan 19, 2023

maxfisher-g commented Jan 20, 2023