this post was submitted on 23 Aug 2023

cybersecurity

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

[–] mwguy@infosec.pub 0 points 1 year ago (1 children)

Instead of giving it an LLVM-based shell, can you give it an actual shell in a container? Maybe backed by AppArmor or SELinux to prevent breakouts.

[–] RedPhoenix@aussie.zone 2 points 1 year ago

Tempting, but in order to reduce the potential attack surface, I'm likely just to create a simple simulator instead now.

If it's good enough to fool the first few interactions of an automated script, that'll probably do. That'll give me the curl/wget target they're trying to infect me with, most likely.

It means I can potentially create a single-binary Docker instance that can be reset practically instantly by deleting/reimporting.