Tag: honeypot

Active Directory, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2012

Active Directory Security Hardening: Domain Admin Honeypot

Rename the account: It’s a good idea to name the account like any other user account. That means giving it a real name, like Johnny Cash, with a username that matches your naming convention, say “jcash.” Remove description: Next, you want to remove the default description for the built-in Administrator, which is “Built-in account for …

Honeypot

Honeypot Linux distribution

HoneyDrive is the premier honeypot Linux distro. It is a virtual appliance (OVA) with Xubuntu Desktop 12.04.4 LTS edition installed. It contains over 10 pre-installed and pre-configured honeypot software packages such as Kippo SSH honeypot, Dionaea and Amun malware honeypots, Honeyd low-interaction honeypot, Glastopf web honeypot and Wordpot, Conpot SCADA/ICS honeypot, Thug and PhoneyC honeyclients …

Honeypot

Targeted geolocation and tracking

HoneyBadger is a framework for targeted geolocation. It identifies the physical location of a web user by combining several geolocation techniques: the browser’s share location feature, the visible Wi-Fi networks, and the IP address. The associated Metasploit Framework modules can be found here. Prerequisites: PHP, Python, SQLite3 …

Security, WEB

Detect, record and prevent attacks on web applications

Shadow Daemon is a collection of tools to detect, record and prevent attacks on web applications. Shadow Daemon is a web application firewall that intercepts requests and filters out malicious parameters. It is a modular system that separates web application, analysis and interface to increase security, flexibility and expandability. Download: The Shadow Daemon web application …

Honeypot, Malware Analysis

Glastopf – Web Application Honeypot

Glastopf is a honeypot which emulates thousands of vulnerabilities to gather data from attacks targeting web applications. The principle behind it is very simple: reply with the correct response to the attacker exploiting the web application. This tool is designed to capture information on the latest web application attacks using a scalable and easy to deploy …

Honeypot, Malware Analysis

A Simple Elasticsearch Honeypot

ElasticHoney is a simple Elasticsearch honeypot designed to catch attackers exploiting RCE vulnerabilities in Elasticsearch. How it Works: This honeypot is pretty simple. It takes requests on the /, /_search, and /_nodes endpoints and returns a JSON response that is identical to a vulnerable ES instance (should be identical – I took the responses straight …