Re: securing a deliberately vulnerable web app

["bournenapste () gmail com" <bournenapste () gmail com>]

This is a article i would like everyone of us who are interested in
detecting the latest threats and Honeypots related stuff should read
this ===>

The Honeypot Incident – How strong is your UF (Reversing FU)
https://www.corelan.be/index.php/2011/01/31/the-honeypot-incident-how-strong-is-your-uf-reversing-fu/


The article deeply explains all the relevant details and an example
scenario showing  a intrusion . The system was completely rooted.The
article also explains the techniques by which the virtual machines are
detected and the complete code is altered and the program starts
behaving differently to avoid reversing . There are a lot of custom
patches and honeypots available online  u can kick start with a simple
one and apply your apps that u wish to watch on it .If there is
something u cannot understand or you wish to query u can freely ask me
i have been doing this stuff for a long time . Set up low-interaction
honeypot such as nepenthes, dionaea, or mwcollectd   ==>
http://code.mwcollect.org/
And start researching them initially the task may seem a little
confusing but later u'll love it .  I recommend start with nepenthes .
Python if u know will help u a lot .

Thank You

On Tue, Jul 12, 2011 at 1:19 AM, Daya, Rohan <rohan.daya () liberty co za> wrote:
> Please remove me from these forums
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of bournenapste () gmail com
> Sent: 08 July 2011 03:15 PM
> To: webappsec () securityfocus com
> Subject: Fwd: securing a deliberately vulnerable web app
>
> ---------- Forwarded message ----------
> From: bournenapste () gmail com <bournenapste () gmail com>
> Date: Fri, Jul 8, 2011 at 9:52 AM
> Subject: Re: securing a deliberately vulnerable web app
> To: Robin Wood <robin () digininja org>
>
>
> I will suggest use Xen -Hypervisor instead of Vmware because it provides a better workaround and analysis of malwares 
> etc. if u want to moreover do check for some of the patches for vmware as vmware can be detected there has been som 
> papers being released on the issue read them and also  as u  need you enviornment to be completely confidential from 
> external rsources .  .
> Xen-Hpvervisor is better than all virtual enviornments in all aspects .
> On Wed, Jul 6, 2011 at 8:15 PM, Robin Wood <robin () digininja org> wrote:
> > Thanks everyone for the good ideas, if I get around to building the
> > project I'll let you all know.
> >
> > Robin
> >
> > On 6 July 2011 14:35, Vedantam Sekhar <vedantamsekhar () gmail com> wrote:
> > > One method is to restrict the "Outbound" connections "orginating"
> > > from the server at Firewall that does the statefull inspection.In
> > > this way, i think though attacker/user compromise the OS , he would
> > > not be able to attack other external networks as outbound TCP
> > > connections from that server is not allowed.
> > > And also, as you know very well what are the vulnerabilities you are
> > > providing on your vulnerable application, you will have an idea to
> > > what extent an attacker can go, therefore you can restrict/place
> > > additional security controls.For example, if the vulnerable
> > > application demonstrates an OS command injection, you may restrict
> > > the users what are all the commands they can execute on the target
> > > OS.In hackthissite.org, i know i can execute OS commands through SSI
> > > injection, but i am restricted to specific OS commands only,. May be
> > > you have to modify the kernal or something like that. You also may
> > > have to run the Application with minimum previliges & Jailed
> > > environment on the target webserver just in case. Be prompt in
> > > Patching of all the technologies exposed at Internet is required so
> > > that attacker do practice otherthan what you want to teach them :-)
> > >
> > > This is just my idea on how they might be doing it :-)
> > >
> > > Thanks,
> > >
> > > Sekhar
> > >
> > > On Mon, Jul 4, 2011 at 4:21 AM, Robin Wood <robin () digininja org> wrote:
> > > > This is a question for anyone who runs a deliberately vulnerable
> > > > web app on a public facing site to allow people to test hacking it
> > > > or to test vulnerability scanners against it. I'm thinking of
> > > > things like http://test.acunetix.com/ .
> > > >
> > > > What I'd like to know is how you go about securing the box the
> > > > sites are running on. Obviously you need the site running on its
> > > > own server, preferably airgapped from the rest of your network but
> > > > how do you protect yourself from attackers getting on the box then
> > > > pivoting from it to do a real attack to someone else? I'm guessing
> > > > it is something like a VM that is automatically rolled back
> > > > periodically so even if someone tries then they only have a limited
> > > > attack window but are there any other things people do?
> > > >
> > > > I'm asking because I've got an idea for a new public service which
> > > > would involve putting up an app that is vulnerable but I'd like to
> > > > make sure that if I do I protect myself as much as possible.
> > > >
> > > > Robin
> > > >
> > > >
> > > >
> > > > This list is sponsored by Cenzic
> > > > --------------------------------------
> > > > Let Us Hack You. Before Hackers Do!
> > > > It's Finally Here - The Cenzic Website HealthCheck. FREE.
> > > > Request Yours Now!
> > > > http://www.cenzic.com/2009HClaunch_Securityfocus
> > > > --------------------------------------
> >
> >
> >
> > This list is sponsored by Cenzic
> > --------------------------------------
> > Let Us Hack You. Before Hackers Do!
> > It's Finally Here - The Cenzic Website HealthCheck. FREE.
> > Request Yours Now!
> > http://www.cenzic.com/2009HClaunch_Securityfocus
> > --------------------------------------
>
>
>
> This list is sponsored by Cenzic
> --------------------------------------
> Let Us Hack You. Before Hackers Do!
> It's Finally Here - The Cenzic Website HealthCheck. FREE.
> Request Yours Now!
> http://www.cenzic.com/2009HClaunch_Securityfocus
> --------------------------------------
>
>
> **********************************************************************
> The e-mail and attachments are confidential and intended only for selected recipients. If you have received it in 
> error, you may not in any way disclose or rely on the contents. You may not keep, copy or distribute the e-mail. 
> Should you receive it, immediately notify the sender of the error and delete the e-mail.Also note that this form of 
> communication is not secure, it can be intercepted, and may not necessarily be free of errors and viruses in spite of 
> reasonable efforts to secure this medium.
> **********************************************************************



This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------