Where can I find attack logs (.bash_history)

Networking/Security Forums -> Computer Forensics and Incident Response

Author: Ipsec Espah    Posted: Fri Feb 08, 2008 3:40 pm    Post subject: Where can I find attack logs (.bash_history)
    ----
I'm interested in seeing exactly what attackers do on systems they break into. I've read a couple great papers here and here on compromised Red Hat 8 honeypots that have transcripts of what the attacker did. Does anyone know where I can find similar attack logs/transcripts?

Author: BluePass    Posted: Mon Apr 21, 2008 4:44 am    Post subject:
    ----
I thought I'd drop by and pass you a link -- the content is pretty old, but it's the only thing I know of that will show you attack logs. I know your post is pretty old too, but I was looking through the forums and found your post, so I decided I'd share this with you, if you don't already know about it.

They are supposed to be transcripts of Kevin Mitnick's online sessions, recorded by Tsutomu Shimomura. There are a few good hours' worth of transcripts, so they should last you for a while. You can find them here.

However, I do want to say that if you intend to use this to teach yourself about the techniques used by hackers, it is not really the best way to go. In fact I can't really imagine a best way to go about this. There will always be new methods of exploitation and different exploits. The same thing will happen with the tools used for cleaning the logs on a system, as I doubt many hackers will do it manually. And again, the same story for backdoors, rootkits, and anything else an attacker would want to install on a victim's machine.

Finally, you should realize that the majority of the attacks that do happen to personal computers are probably just a kid trying to up the count of zombie machines in his botnet. Their tools and techniques will usually be standard and they will grab whatever they can -- that is if you're not the one downloading and installing their malware, unaware of what you're doing. That will obviously differ from a bunch of hackers who one day decide to try to hack into a specific bank, in which case their techniques will change with the amount of security that bank uses.

Enjoy the transcripts. If you tell me more about what you're trying to do, I may be able to point you in the right direction.





All times are GMT + 2 Hours
