this post was submitted on 23 Aug 2023
5 points (100.0% liked)
cybersecurity
64 readers
1 users here now
An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!
Community Rules
- Be kind
- Limit promotional activities
- Non-cybersecurity posts should be redirected to other communities within infosec.pub.
Enjoy!
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Instead of giving it a LLVM based shell, can you give it an actual shell in a container? Maybe backed by AppArmor or SELinux to prevent breakouts
Tempting, but in order to reduce the potential attack surface, I'm likely just to create a simple simulator instead now.
If it's good enough to fool the first few interactions of an automated script, that'll probably do. That'll give me the curl/wget target they're trying to insect me with, most likely.
It means I can potentially create a single binary docker instance that can be reset practically instantly by deleting/reimporting.