Cyber security

XZ-Vulnerable-Honeypot : A New SSH Defense Mechanism With CVE-2024-3094

An innovative SSH honeypot equipped with the XZ backdoor, identified by CVE-2024-3094.

Designed to bait and study potential attackers, this tool offers a unique glimpse into the tactics and techniques used by cyber adversaries.

By simulating vulnerabilities, it provides invaluable insights into securing networks against sophisticated threats.

Installation

PLEASE run this on a separate isolated system. Docker is not used for isolation, but for getting the libraries working.

The bpf hook alsoo prints EVERY call to execve, including ones outside the container.

Just run

docker compose up

Logs are stored in ./logs/. The current monitoring includes bpftrace monitoring execve syscalls where the parent process is ‘sshd’, strace monitoring execve syscalls on the parent sshd process, tcpdump recording a pcap (TODO: rotate this) and sshd logging it’s regular output (TODO: patch something to log the RSA key).

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

cp Command: Copy Files and Directories in Linux

The cp command, short for "copy," is the main Linux utility for duplicating files and directories. Whether…

6 days ago

Image OSINT

Introduction In digital investigations, images often hold more information than meets the eye. With the…

6 days ago

cat Command: Read and Combine File Contents in Linux

The cat command short for concatenate, It is a fast and versatile tool for viewing and merging…

6 days ago

Port In Networking

What is a Port? A port in networking acts like a gateway that directs data…

6 days ago

ls Command: List Directory Contents in Linux

The ls command is fundamental for anyone working with Linux. It’s used to display the files and…

6 days ago

pwd Command: Find Your Location in Linux

The pwd (Print Working Directory) command is essential for navigating the Linux filesystem. It instantly shows your…

7 days ago