Shmoo 6


Reading the description, it sounds a bit like a new form of a honeypot; something there just for people to fuck with to no avail.

I’m having flashbacks to when I put a GNU/Hurd box on a publicly-accessible IPv4 address to see how long it took someone to break in. With Telnet enabled.

It took a Navy Red Team friend several days, but he eventually cracked the password, got a command shell, then didn’t know what the fuck to do with it.

Due to technical difficulties, the presentation didn’t start until nearly twenty minutes late.

This is an attempt to create a Web Service, not a regular binary on the host.

Good sandbox for both red and blue teams; tracks everything.

HTTP capture signatures.

Bulk command shove; no idea who ran which command.

Remote shell over HTTP to sites around the world.

For the Windows stuff, he was operating on the WinSock DLL. When I did some programming, I found it ummm…ancient. Maybe it’s gotten better since I was plunking away on it in 2006.

He is planning to “open source” the code, but Larry Ellison is executing his jerk options again.

It does sound like neat tech. I’m not sure I completely understand how it’s used, but, then, I’m not a pen tester.