bwall Posted March 26, 2013

For the past few months (even maybe half a year now), along with DigiP, I have been researching web botnets, attacks they use, and common web shells they use. As a result, we have been able to release products to help protect against their spreading attacks and released 2 exploits for taking down the botnets themselves.

The issue we have run into is that we have a limited amount of data/honey pots to work with. While we do have some collecting data, the data being gathered is somewhat limited. This is why I started the Attack-Analysis project. This project is designed to host a web API to post general attack information to when your webserver or honey pot receives an attack. This attack data is then pumped into a database, which is later analyzed by me to come up with details on these botnets, including exploits to take them down or, in a slightly less ethical manner, take control of them.

The details for the API are here: https://defense.ballastsecurity.net/wiki/index.php/Attack_Analysis

Another place that you can help is with the payload decoder, which archives and decodes RFI payloads. The details for that are here: https://defense.ballastsecurity.net/wiki/index.php/RFI_Payload_Decoder and the results are currently hosted here along with the archived sources: https://defense.ballastsecurity.net/decoding/index.php

The exploits:
http://www.exploit-db.com/exploits/24883/
http://www.exploit-db.com/exploits/20168/

So if you want to help the good fight, please help out any way you can. I try to make everything I release as open source as possible, but some things need to stay a bit in the dark for security's sake, because I know botters follow my work.