8
What are You Working on Wednesday
(infosec.pub)
An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!
Enjoy!
Yep.. sigh
Instead of giving it a LLVM based shell, can you give it an actual shell in a container? Maybe backed by AppArmor or SELinux to prevent breakouts
Tempting, but in order to reduce the potential attack surface, I'm likely just to create a simple simulator instead now.
If it's good enough to fool the first few interactions of an automated script, that'll probably do. That'll give me the curl/wget target they're trying to insect me with, most likely.
It means I can potentially create a single binary docker instance that can be reset practically instantly by deleting/reimporting.