add baits to sandbox container #586

@jossef

Suggesting adding baits to lure attackers into interacting, such as:

  • ssh keys
  • environment variables with interesting tokens
  • browser database files
  • discord
  • aws credentials and config
  • .npmrc

In addition to monitoring the interaction with such files, with the visibility #585 can give, when observing such sensitive content being exfiltrated to a C2 server, we can add a label in the report such as "EXFILTRATING_SENSITIVE_INFORMATION".
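
One way the proposal above could work, as an added sketch that is not part of the original issue or the project's code: each bait carries a random per-run canary, and captured outbound payloads are searched for that canary in raw, hex and base64 form. The bait paths and formats, the function names, and the `(destination, bytes)` shape of the captured traffic are assumptions.

```python
import base64
import secrets

LABEL = "EXFILTRATING_SENSITIVE_INFORMATION"  # label name proposed in the issue

# Hypothetical bait layout (paths and formats are assumptions): each bait
# embeds a random per-run canary, so a match cannot come from benign traffic.
BAIT_TEMPLATES = {
    "~/.ssh/id_rsa": "-----BEGIN OPENSSH PRIVATE KEY-----\n{c}\n-----END OPENSSH PRIVATE KEY-----\n",
    "~/.aws/credentials": "[default]\naws_access_key_id = FAKE{c}\naws_secret_access_key = {c}\n",
    "~/.npmrc": "//registry.example.invalid/:_authToken={c}\n",
    "env:API_TOKEN": "{c}",
}

def make_baits():
    """Return ({bait name: content to plant}, {canary: bait name})."""
    baits, canaries = {}, {}
    for name, template in BAIT_TEMPLATES.items():
        canary = secrets.token_hex(16)
        baits[name] = template.format(c=canary)
        canaries[canary] = name
    return baits, canaries

def needles(canary):
    """Byte patterns that reveal the canary raw, hex-encoded or inside base64."""
    raw = canary.encode()
    found = {raw: "raw", raw.hex().encode(): "hex"}
    # Base64 output depends on the canary's offset (mod 3) in the encoded data,
    # so build one pattern per alignment and drop characters that mix in neighbours.
    for pad, skip in ((0, 0), (1, 2), (2, 3)):
        enc = base64.b64encode(b"\0" * pad + raw).rstrip(b"=")
        if (pad + len(raw)) % 3:
            enc = enc[:-1]
        found[enc[skip:]] = "base64"
    return found

def scan(payloads, canaries):
    """payloads: iterable of (destination, bytes). Returns report findings."""
    findings = []
    for dest, body in payloads:
        for canary, bait in canaries.items():
            for needle, encoding in needles(canary).items():
                if needle in body:
                    findings.append({"label": LABEL, "bait": bait,
                                     "encoding": encoding, "destination": dest})
                    break
    return findings
```

Matching on a per-run canary rather than on the bait's file name or format keeps the label tied to content that only exists inside the sandbox.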

Labels

dynamic analysis (Issues specific to the implementation of Dynamic Analysis), enhancement (New feature or request)
