Websense, Inc. has posted their presentation from the RSA conf 2008 online (with narrative and some video clips). Maybe of interest to some of you...
Quite interesting insight into their infrastructure and the latest client honeypot technology they work on:

- spiffy - instrumented browser that simulates the DOM. spiffy is able to detect certain conditions, like additions of iframes that then can be analyzed.
- XMON - generic shellcode detection in which the memory is monitored for shellcode (done via hooking the browser)
- binary downloader... here binaries are downloaded, executed and new HTTP connections are monitored; those are fed into a high interaction client honeypot for further analysis (this works as a lot of malware are downloaders that make a second request that can be plugged off)

...the presentation is located at http://securitylabs.websense.com/images/alerts/rsa_2008_honeyclient_preso.mov.

Christian

--
Web: http://www.mcs.vuw.ac.nz/~cseifert
PGP key http://www.mcs.vuw.ac.nz/~cseifert/pgpkey.txt
Primary key fingerprint: E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF
_______________________________________________
Capture-HPC mailing list
Capture-HPC@public.honeynet.org
https://public.honeynet.org/mailman/listinfo/capture-hpc
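An added example, not from the post above and not Websense's spiffy code: a toy instrumented DOM in plain JavaScript that hooks element insertion and logs every iframe a page script adds, the kind of "addition of iframes" check the post attributes to spiffy. The element model, the hidden-iframe heuristics and the sample page are assumptions made for this illustration.

```javascript
// Added example (not Websense's spiffy): a minimal instrumented DOM in plain JS.
// appendChild is hooked and logged so iframes that page scripts inject can be
// triaged afterwards; the hidden-iframe heuristics and sample page are assumed.
class Element {
  constructor(tag, doc) { this.tag = tag.toLowerCase(); this.attrs = {}; this.children = []; this.doc = doc; }
  setAttribute(name, value) { this.attrs[name] = String(value); }
  appendChild(child) {
    this.children.push(child);
    // Instrumentation hook: record what was inserted and where.
    this.doc.mutations.push({ parent: this.tag, node: child });
    return child;
  }
}
class InstrumentedDocument {
  constructor() { this.mutations = []; this.body = new Element('body', this); }
  createElement(tag) { return new Element(tag, this); }
}
// Heuristics for an iframe the user is not meant to see (assumed, not spiffy's).
function isHiddenIframe(el) {
  const w = parseInt(el.attrs.width ?? '1', 10), h = parseInt(el.attrs.height ?? '1', 10);
  const style = (el.attrs.style || '').replace(/\s+/g, '').toLowerCase();
  return w === 0 || h === 0 || style.includes('display:none') ||
    style.includes('visibility:hidden') || /(left|top):-\d+px/.test(style);
}
// Walk the mutation log and report every iframe that was added, with its parent.
function analyze(doc) {
  return doc.mutations
    .filter(m => m.node.tag === 'iframe')
    .map(m => ({ src: m.node.attrs.src || '', parent: m.parent, hidden: isHiddenIframe(m.node) }));
}
// Constructed sample page: one ordinary embed and one 0x0 iframe added into a div.
function demo() {
  const doc = new InstrumentedDocument();
  const video = doc.createElement('iframe');
  video.setAttribute('src', 'https://video.example.invalid/embed/1');
  video.setAttribute('width', '640'); video.setAttribute('height', '360');
  doc.body.appendChild(video);
  const div = doc.body.appendChild(doc.createElement('div'));
  const inj = doc.createElement('IFRAME');
  inj.setAttribute('src', 'http://payload.example.invalid/x.html');
  inj.setAttribute('width', '0'); inj.setAttribute('height', '0');
  inj.setAttribute('style', 'visibility: hidden');
  div.appendChild(inj);
  return analyze(doc);
}
console.log(JSON.stringify(demo(), null, 2));
```

Against the constructed page the log reports two iframe insertions, and only the zero-sized one under the div is flagged as hidden.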