This research received financial support in part from National Science Foundation (Grant #: 1908571).
MTD '21: Proceedings of the 8th ACM Workshop on Moving Target Defense
Software security engineering
Attackers rely upon a vast array of tools for automating attacksagainst vulnerable servers and services. It is often the case thatwhen vulnerabilities are disclosed, scripts for detecting and exploit-ing them in tools such asNmapandMetasploitare released soonafter, leading to the immediate identification and compromise ofvulnerable systems. Honeypots, honeynets, tarpits, and other decep-tive techniques can be used to slow attackers down, however, such approaches have difficulty keeping up with the sheer number of vulnerabilities being discovered and attacking scripts that are being released. To address this issue, this paper describes an approach for applying concolic execution on attacking scripts in Nmap in order to automatically generate lightweight fake versions of the vulnerable services that can fool the scripts. By doing so in an automated and scalable manner, the approach can enable rapid deployment of custom honeyfarms that leverage the results of concolic execution to trick an attacker's script into returning a result chosen by the honeyfarm, making the script unreliable for the use by the attacker.
© 2021 Copyright held by the owner/author(s). Publication rights licensed to ACM.
Locate the Document
Li, Z., Chen, B., Feng, W. C., & Xie, F. (2021, November). Concolic Execution of NMap Scripts for Honeyfarm Generation. In Proceedings of the 8th ACM Workshop on Moving Target Defense (pp. 33-42).