this post was submitted on 23 Aug 2023
8 points (100.0% liked)
cybersecurity
3249 readers
9 users here now
An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!
Community Rules
- Be kind
- Limit promotional activities
- Non-cybersecurity posts should be redirected to other communities within infosec.pub.
Enjoy!
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
A medium interaction SSH honeypot backed by a basic LLM that believes it's bash.
I'm impressed at the ability to retain limited state, and respond 'reasonably enough' that it'll probably allow first stage automated attacks to be captured.. but at the moment, it's way too easy to peer behind the curtain.
It's quite jarring when your bash terminal starts telling you a story about a happy dragon in response to some weird command.
Yep.. sigh
Instead of giving it a LLVM based shell, can you give it an actual shell in a container? Maybe backed by AppArmor or SELinux to prevent breakouts
Tempting, but in order to reduce the potential attack surface, I'm likely just to create a simple simulator instead now.
If it's good enough to fool the first few interactions of an automated script, that'll probably do. That'll give me the curl/wget target they're trying to insect me with, most likely.
It means I can potentially create a single binary docker instance that can be reset practically instantly by deleting/reimporting.