package-analysis

add baits to sandbox container

Open • jossef opened this issue 3 years ago • 1 comment

Suggesting adding baits to lure attackers into interacting, such as:

  • SSH keys
  • environment variables with interesting tokens
  • browser database files
  • Discord
  • AWS credentials and config
  • .npmrc

In addition to monitoring the interaction with such files, with the visibility https://github.com/ossf/package-analysis/issues/585 can give, observing such sensitive content being exfiltrated to a C2 server, we can add a label in the report, such as "EXFILTRATING_SENSITIVE_INFORMATION".

jossef, Jan 19 '23 10:01

Awesome suggestion @jossef! This is a really good idea.

maxfisher-g, Jan 20 '23 05:01
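
The bait-and-label idea from the issue, as an added Go sketch that is not package-analysis code: each bait carries a random per-run canary, and captured outbound payloads are searched for it raw, hex-encoded, or base64-encoded at any byte alignment. `Bait`, `NewBait`, `LeakedBaits`, the `bait_` prefix and the sample path are assumptions for illustration, and how the sandbox captures outbound data is left out.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"encoding/base64"
	"encoding/hex"
	"fmt"
)

const Label = "EXFILTRATING_SENSITIVE_INFORMATION" // label proposed in the issue
// Bait is a hypothetical decoy record: Secret is a per-run, URL-safe canary, never a real credential.
type Bait struct{ Path, Secret string }

func NewBait(path string) Bait {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err) // refuse to plant a predictable canary
	}
	return Bait{path, "bait_" + hex.EncodeToString(b)}
}

// leaked finds s in payload as raw, hex, or standard base64 at any byte alignment.
func leaked(s string, payload []byte) bool {
	has := func(f string) bool { return bytes.Contains(payload, []byte(f)) }
	hit := has(s) || has(hex.EncodeToString([]byte(s)))
	for off := 0; off < 3 && !hit; off++ {
		enc := base64.RawStdEncoding.EncodeToString(append(make([]byte, off), s...))
		hit = has(enc[(8*off+5)/6 : (off+len(s))*8/6]) // chars built only from s's bits
	}
	return hit
}

// LeakedBaits returns the paths of baits whose secret appears in payload.
func LeakedBaits(baits []Bait, payload []byte) (hits []string) {
	for _, b := range baits {
		if leaked(b.Secret, payload) {
			hits = append(hits, b.Path)
		}
	}
	return hits
}

func main() {
	b := NewBait("/root/.npmrc") // constructed sample path
	sent := base64.StdEncoding.EncodeToString([]byte("_authToken=" + b.Secret))
	if hits := LeakedBaits([]Bait{b}, []byte(sent)); len(hits) > 0 {
		fmt.Println(Label, hits)
	}
}
```

Matching on a unique canary rather than on file paths means the label fires only when planted content actually leaves the sandbox; compressed or encrypted payloads would still need handling before this comparison.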