this post was submitted on 23 Aug 2023
8 points (100.0% liked)

cybersecurity

3249 readers
1 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Enjoy!

founded 1 year ago
MODERATORS
 

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

you are viewing a single comment's thread
view the rest of the comments
[–] mwguy@infosec.pub 0 points 1 year ago (1 children)

Instead of giving it a LLVM based shell, can you give it an actual shell in a container? Maybe backed by AppArmor or SELinux to prevent breakouts

[–] RedPhoenix@aussie.zone 2 points 1 year ago

Tempting, but in order to reduce the potential attack surface, I'm likely just to create a simple simulator instead now.

If it's good enough to fool the first few interactions of an automated script, that'll probably do. That'll give me the curl/wget target they're trying to insect me with, most likely.

It means I can potentially create a single binary docker instance that can be reset practically instantly by deleting/reimporting.