On 14/03/2008, Critical Bill <[EMAIL PROTECTED]> wrote:
> Greetings all. As I continue to use capture-hpc I'm trying to formulate an
> effective methodology for visiting malware-serving sites.
>
> In my case, I understand that the ideal testing scenario is to use XP SP2 in
> its default state (OS firewall enabled, IE default settings, etc.).
> However, sometimes no 'event' will occur unless I introduce
> interaction/modification,
>
> - Manually click "OK" when asked to install the IE Chinese Language Pack  :)
> - Disabling pop-up blocker

Yep, I need to do these two on my image.

> - Allowing Downloading of Unsigned ActiveX controls

Probably makes it too easy to find exploits :p

We're interested in exploits that happen without user interaction though.

Next up, we're probably going to build an image which is patched up to
date and see if anything kills that as well as the unpatched one.

I've written a couple of scripts to walk over URLs contained in spam,
so I can share these when they're in a reasonable state.

cheers,
 Jamie
-- 
Jamie Riden / [EMAIL PROTECTED] / [EMAIL PROTECTED]
UK Honeynet Project: http://www.ukhoneynet.org/
_______________________________________________
Capture-HPC mailing list
Capture-HPC@public.honeynet.org
https://public.honeynet.org/mailman/listinfo/capture-hpc
