Good day all,
I have a fun project I would like to invest some time into and am interested if anyone would like to join me on the voyage.
Quite simply it is an extension of a honeypot, though one with an odd response.
When an inbound attack is sent, it is caught and run through an engine I will design. From there, if we have no way to figure out how the payload is attached or what it does, it will be dropped.
However, for common things like SSH attacks or Shellshock, the attack will be adjusted slightly and sent back to the originator, the idea being that whatever is scanning and attacking has probably been exploited using the same attack.
In the event a reverse attack succeeds, the first thing to be done is to establish which process spawned the connection to our machine (which should still be active in most cases) and destroy it. From there, if it was using a known attack vector, it would be patched; of course, the engine that detected that would still remain on that system for a few days to expand the inbound detected attack pool.
If the system is embedded and read-only or similar, an attempt would be made to destroy the device to remove it as a threat from the internet.
Generally, what I am suggesting building is a blue team honeypot with red team extensions.
Let me know your thoughts!
A known attack vector that was used to gain access to the machine that we are now connected to! (In most cases this should be simple to diagnose; the art is removing whatever malware was installed via it.)
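The inbound classification stage of the engine described in the post, as an added example that is not part of the original post: it tags captured requests as Shellshock probes or SSH brute force, builds the "inbound detected attack pool" per source, and drops anything it cannot recognise. The HTTP captures, log lines and the failed-login threshold are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample captures, not real traffic: raw HTTP requests received by the
# honeypot listener and sshd-style auth log lines from the same host.
HTTP_CAPTURES = [
    ("203.0.113.5", "GET /cgi-bin/status HTTP/1.1\r\nUser-Agent: () { :; }; /bin/true\r\n\r\n"),
    ("198.51.100.7", "GET / HTTP/1.1\r\nUser-Agent: Mozilla/5.0\r\n\r\n"),
    ("192.0.2.9", "GET /x HTTP/1.1\r\nReferer: () { x; }; echo test\r\n\r\n"),
]
SSH_LOG = [
    "Failed password for root from 203.0.113.5 port 4421 ssh2",
    "Failed password for invalid user admin from 203.0.113.5 port 4422 ssh2",
    "Failed password for root from 203.0.113.5 port 4423 ssh2",
    "Failed password for root from 198.51.100.7 port 5100 ssh2",
    "Accepted publickey for deploy from 192.0.2.100 port 6000 ssh2",
]

# Shellshock probes place a bash function definition "() {" in a header value
# that a CGI handler exports as an environment variable, so a header whose value
# starts with that token is tagged as a Shellshock attempt.
SHELLSHOCK_RE = re.compile(r"^[A-Za-z-]+:\s*\(\)\s*\{", re.MULTILINE)
SSH_FAIL_RE = re.compile(r"Failed password for (?:invalid user )?\S+ from (\S+) port")


def classify_http(raw_request):
    """Return a tag for a recognised inbound HTTP attack, or None if unrecognised."""
    if SHELLSHOCK_RE.search(raw_request):
        return "shellshock"
    return None


def ssh_bruteforce_sources(log_lines, threshold):
    """Map source IP -> failed-login count for sources at or above the threshold."""
    fails = Counter(m.group(1) for m in map(SSH_FAIL_RE.search, log_lines) if m)
    return {ip: n for ip, n in fails.items() if n >= threshold}


def build_attack_pool(http_captures, ssh_lines, threshold=3):
    """Aggregate recognised attacks per source. Sources with nothing recognised
    are dropped, matching the post's rule for payloads the engine cannot explain."""
    pool = {}
    for src, raw in http_captures:
        tag = classify_http(raw)
        if tag:
            pool.setdefault(src, set()).add(tag)
    for src in ssh_bruteforce_sources(ssh_lines, threshold):
        pool.setdefault(src, set()).add("ssh-bruteforce")
    return pool
```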