On the last meeting of the AK Sicherheit (ECO Verband) we could see a live demo
of the tool Beef (Browser Exploitation Framework). Nice to see that XSS-attacks
(cross-site-scripting) is not only a nice POP-UP window, but is indeed a real attack
vector for anyone.
Try yourself, the software can be downloaded from www.bindshell.net
Archive for May, 2010
Beef
Saturday, May 8th, 2010own rbl started
Saturday, May 8th, 2010I finally managed to create my own RBL (realtime blocklist) feeded by my honeypot.
All verified IPs which successfully attacked the honeypot are put into a database, which
provides a rbl for our MXes. The IPs are held for 24 hours except those which have more than 50
successful attacks within the last day. I was wondering if there were any mail-hits to be seen
at all; at least these are totally different attack vectors. But strangely enough I could see
blocked emails because of the entries made by the honeypot. We will see how well this
performs.