Messing with Portscans with Honeyports (Cyber Deception) - John Strand
HTML-код
- Опубликовано: 24 авг 2024
- Join us in the Black Hills InfoSec Discord server here: / discord to keep the security conversation going!
In this video John covers how to create a port that blocks an attacker as soon as they make a full established connection to it.
Get ADHD: www.activecoun...
Brought to you by:
Black Hills (Pentesting): www.blackhills...
Active Countermeasures (Threat Hunting Solution): www.activecoun...
Wild West Hackin' Fest (Conference: www.wildwestha...
Security Weekly (Vlog/Podcast) www.securitywe...
Black Hills Infosec Socials
Twitter: / bhinfosecurity
Mastodon: infosec.exchan...
LinkedIn: / antisyphon-training
Discord: / discord
Black Hills Infosec Shirts & Hoodies
spearphish-gen...
Black Hills Infosec Services
Active SOC: www.blackhills...
Penetration Testing: www.blackhills...
Incident Response: www.blackhills...
Backdoors & Breaches - Incident Response Card Game
Backdoors & Breaches: www.backdoorsa...
Play B&B Online: play.backdoors...
Antisyphon Training
Pay What You Can: www.antisyphon...
Live Training: www.antisyphon...
On Demand Training: www.antisyphon...
Educational Infosec Content
Black Hills Infosec Blogs: www.blackhills...
Wild West Hackin' Fest RUclips: / wildwesthackinfest
Active Countermeasures RUclips: / activecountermeasures
Antisyphon Training RUclips: / antisyphontraining
I love the little editor's remark. EDIT - Can we please get more wireshark tutorials? They're pretty great!
Checkout "Chappel Wireshark". There's some good stuff in here from them.
Woah, the blue room echos like crazy. Need more arcade cabinets John.
Is it dropping based on domain or IP?
I'd imagine the latter. Just curious because of the domain name listing in iptables output.
How does this interact with an attacker that uses a half open port scan? If the attacker is only blacklisted with a synack, does the half open scan not trigger the blacklisting?