Project suggestion: Mirror attacks

csharp
programming
linux
reverseengineering

(BSD Weirdo) #1

Good day all,

I have a fun project I would like to invest some time into and am interested if anyone would like to join me on the voyage.

Quite simply it is an extension of a honeypot, though one with an odd response.

When an inbound attack is sent, it is caught and run through an engine I will design. From there, if we have no way to figure out how the payload is attached or what it does, it will be dropped.

However, for common things like SSH attacks or Shellshock, the attack will be adjusted slightly and sent back to the originator, the idea being that whatever is scanning and attacking has probably been exploited using the same attack.

In the event a reverse attack succeeds, the first thing to be done is to establish which process spawned the connection to our machine (which should still be active in most cases) and destroy it. From there, if it was using a known attack vector[1], it would be patched; of course the engine that detected that would still remain on that system for a few days to expand the inbound detected attack pool.

If the system is embedded and read-only or such, an attempt would be made to destroy the device to remove it as a threat from the internet.

Generally, what I am suggesting building is a blue team honeypot with red team extensions :slight_smile:

Let me know your thoughts!

[1] A known attack vector that was used to gain access to the machine that we are now connected to! (In most cases this should be simple to diagnose; the art is removing whatever malware was installed via it.)
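The detection and triage step described above (catch the inbound request, match it against known patterns, record a signature, drop what the engine cannot classify) is the part of the proposal that is plain honeypot work, so here is an added example of it. This is illustrative code written for this thread, not code from the project or its author; the `Signature` record, the two pattern matchers and the `triage` function are my own names, and the captured HTTP request and sshd log lines are constructed samples using documentation IP ranges. It covers only the classify-and-record side of the engine and produces the kind of per-source signature that later posts talk about distributing to connected clients.

```python
import json
import re
from dataclasses import asdict, dataclass

# Shellshock-style probe: a bash function definition followed by a command,
# anywhere in an HTTP header value. This is the pattern a honeypot would match,
# not a working payload.
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{\s*:;\s*\}\s*;")

# sshd "Failed password" line, capturing the user and the source IPv4 address.
SSH_FAIL_RE = re.compile(
    r"Failed password for (?:invalid user )?(\S+) from (\d{1,3}(?:\.\d{1,3}){3})"
)


@dataclass(frozen=True)
class Signature:
    """One detected inbound attack, in a form the engine could hand to other nodes."""
    source: str   # IP the attack arrived from (as observed; may be spoofed for UDP-style traffic)
    family: str   # coarse class, e.g. "shellshock" or "ssh-bruteforce"
    detail: str   # free-text specifics useful to whoever writes a handler

    def to_json(self) -> str:
        return json.dumps(asdict(self), sort_keys=True)


def classify_http_request(source_ip: str, raw_request: str):
    """Return a Signature if a captured HTTP request carries a known pattern, else None."""
    # Skip the request line; inspect every "Name: value" header.
    for line in raw_request.splitlines()[1:]:
        if ":" not in line:
            continue
        name, _, value = line.partition(":")
        if SHELLSHOCK_RE.search(value):
            return Signature(source_ip, "shellshock", f"header={name.strip()}")
    return None


def classify_ssh_log(log_lines, threshold: int = 5):
    """Count failed SSH logins per source; sources at or above threshold become signatures."""
    failures = {}
    for line in log_lines:
        m = SSH_FAIL_RE.search(line)
        if m:
            ip = m.group(2)
            failures[ip] = failures.get(ip, 0) + 1
    return [
        Signature(ip, "ssh-bruteforce", f"failures={n}")
        for ip, n in sorted(failures.items())
        if n >= threshold
    ]


def triage(http_captures, ssh_lines):
    """Engine step: known patterns yield signatures; unclassified captures are dropped.

    Returns (signatures, dropped_count).
    """
    signatures = []
    dropped = 0
    for source_ip, raw in http_captures:
        sig = classify_http_request(source_ip, raw)
        if sig is None:
            dropped += 1
        else:
            signatures.append(sig)
    signatures.extend(classify_ssh_log(ssh_lines))
    return signatures, dropped


# Constructed sample captures (documentation IP ranges, not real hosts).
SAMPLE_HTTP = [
    ("198.51.100.23",
     "GET /cgi-bin/status HTTP/1.1\r\nHost: honey.example\r\n"
     "User-Agent: () { :;}; echo probe\r\n\r\n"),
    ("198.51.100.24",
     "GET / HTTP/1.1\r\nHost: honey.example\r\nUser-Agent: curl/7.0\r\n\r\n"),
]
SAMPLE_SSH = (
    ["Jan 12 10:00:0%d honey sshd[1201]: Failed password for invalid user admin "
     "from 203.0.113.7 port 5123%d ssh2" % (i, i) for i in range(6)]
    + ["Jan 12 10:00:09 honey sshd[1207]: Failed password for root "
       "from 198.51.100.9 port 40001 ssh2"] * 2
)

if __name__ == "__main__":
    sigs, dropped = triage(SAMPLE_HTTP, SAMPLE_SSH)
    for s in sigs:
        print(s.to_json())
    print(f"dropped (unclassified): {dropped}")
```

The brute-force threshold and the drop-on-unknown behaviour are the two knobs a deployment would tune; the source field is recorded as observed, which is exactly why anything downstream that acts on it has to treat it as untrusted input rather than proof of who sent the traffic.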


(Root) #2

Loved your idea! In what language do you believe it would be best developed?


(Command-Line Ninja) #3

Hopefully not perl… :stuck_out_tongue:


(BSD Weirdo) #4

The core would likely be prototyped in C# or Perl, but the actual idea is infrastructure-based: there is no reason anyone could not, for instance, add a handler for a specific attack vector signature in PHP or VB :slight_smile: distribution being the king and all.


(A Scrub) #5

I would love to help out, but I don’t know how much I could help. XD

Anyways, great idea and ~Cheers!

–Techno Forg–


(BSD Weirdo) #6

That is why it is under a project header. My idea is to create this as a general distributed project: when an attack is detected, its sig will be distributed to the connected client list, so everyone can write their own retaliatory attack against anything :slight_smile:

It's a community whitehat (kinda) project :smiley:


(BSD Weirdo) #7

I think I will give a small YouTube on my plans because who cares, probably with adjoined Hangouts so people can join next week. Will see if I can rope fraq etc. in :slight_smile:


(BSD Weirdo) #8

Whoever kinglucifer was, by the time I got your IRC message you were offline :slight_smile: but yes, still looking for people to get involved with this project.


(BSD Weirdo) #9

It seems we have some interest in this project, so I will be setting up a private project tracker for it. Will repost login details as they become available.


#10

It would be cool when your system starts to attack someone's server after a hacker spoofs the attack's outcome address.