RE: Honeypots - A Request 06-04-2014, 10:41 AM
#11
A UML honeypot (which is text-based) is very easy to detect once you've gained access. But bypassing any honeypot is relative to your knowledge of the underlying system (usually Unix but sometimes Windows). It's not exactly trivial, but it's not impossible to bypass jail-shells. For instance, I've gained root on one or two eepsites on I2P, using a method of jail-breaking via bash.
Once you're out of the initial jail-shell, you can basically just unset it, or pwn the system entirely. The opposite concept was presented at DefCon 15: how to detect and deny Web 2.0 attacks using HoneyJax and IDSs/IPSs.
Symantec has a couple articles about defeating web-based honeypots.
http://www.symantec.com/connect/articles...ues-part-1
![Ov15OiO.png](https://i.imgur.com/Ov15OiO.png)