Monday, September 19, 2011

Tracking the Attackers with a Web Honeypot

GlastopfNG is a web Honeypot that simulates vulnerable web applications in order to attract  intruders and understand their attacks.

The following talk is mainly focused in the researcher's point of view, getting statistics and finding new attacks, but I understand that this tool is extremely useful for the defenders because it may help us to spot and study the attackers as well.

Its key features are:

  • Dynamically generate dorks in order to attract the attacker
  • Pattern matching engine.
  • Extensible with modules to detect and react to new attacks.
  • Custom reporting. We can write our own report module that could feed our alerting system.


Slides


No comments:

Post a Comment