add baits to sandbox container #586

Open
jossef opened this issue Jan 19, 2023 · 1 comment
Labels: dynamic analysis (Issues specific to the implementation of Dynamic Analysis), enhancement (New feature or request)

jossef commented Jan 19, 2023

Suggesting adding baits to lure attackers into interacting such as

  • ssh keys
  • environment variables with interesting tokens
  • browser database files
  • discord
  • aws credentials and config
  • .npmrc

In addition to monitoring the interaction with such files, with the visibility #585 can give, observing such sensitive content being exfiltrated to a C2 server, we can add a label in the report such as "EXFILTRATING_SENSITIVE_INFORMATION"
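
One way the exfiltration check described in this issue could work, as an added example that is not part of the original issue or the project's code: bait content is seeded with random per-run canary values, and captured outbound payloads are searched for them in raw, hex and base64 form. The bait paths, token shapes and function names are assumptions made for the illustration.

```python
import base64
import secrets

LABEL = "EXFILTRATING_SENSITIVE_INFORMATION"  # label name proposed in the issue

def make_baits():
    """Build bait files and env vars seeded with random per-run canary values.
    Paths and token shapes are illustrative assumptions; the values are fake."""
    canaries = {
        "aws_access_key_id": "AKIA" + secrets.token_hex(8).upper(),
        "aws_secret_access_key": secrets.token_urlsafe(30),
        "npm_token": "npm_" + secrets.token_hex(18),
        "env_token": "ghp_" + secrets.token_hex(18),
    }
    files = {
        "~/.aws/credentials": "[default]\naws_access_key_id = {aws_access_key_id}\n"
                              "aws_secret_access_key = {aws_secret_access_key}\n".format(**canaries),
        "~/.npmrc": "//registry.npmjs.org/:_authToken={npm_token}\n".format(**canaries),
    }
    env = {"GITHUB_TOKEN": canaries["env_token"]}
    return files, env, {k: v.encode() for k, v in canaries.items()}

def b64_variants(secret):
    """Base64 substrings that appear whenever `secret` sits anywhere inside a
    larger base64-encoded blob (one variant per 3-byte alignment)."""
    out = set()
    for off in range(3):
        enc = base64.b64encode(b"\0" * off + secret).rstrip(b"=")
        if (off + len(secret)) % 3:
            enc = enc[:-1]               # last char would mix in following bytes
        out.add(enc[(0, 2, 3)[off]:])    # leading chars mix in preceding bytes
    return out

def needles(secret):
    """Every byte pattern that counts as a sighting of one canary."""
    hexed = secret.hex().encode()
    return {secret, hexed, hexed.upper()} | b64_variants(secret)

def label_exfiltration(payloads, canaries):
    """Return (labels, leaked canary names) for captured outbound payloads."""
    hits = sorted(name for name, value in canaries.items()
                  if any(n in p for p in payloads for n in needles(value)))
    return ([LABEL] if hits else []), hits

if __name__ == "__main__":
    files, env, canaries = make_baits()
    # Constructed capture: one benign request, one POST carrying a base64 copy of a bait file.
    stolen = base64.b64encode(b"host=sandbox;" + files["~/.aws/credentials"].encode())
    captured = [b"GET /simple/requests/ HTTP/1.1\r\n\r\n", b"POST /c HTTP/1.1\r\n\r\ndata=" + stolen]
    print(label_exfiltration(captured, canaries))
```

Because the canaries are random per run, a match in outbound traffic can only come from the analysed package reading the bait. Payloads that are encrypted or compressed before sending will not match and still need the file-access monitoring the issue mentions.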

@maxfisher-g (Contributor)

Awesome suggestion @jossef! This is a really good idea.
