Ghost Sites Approva...
 
Notifications
Clear all

Ghost Sites Approval

3 Posts
2 Users
0 Likes
338 Views
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
Topic starter
 

Malicious bots sometimes connect to Ghost Sites. Actually Ghost Sites look not user friendly and the GUI Graphical User Interfaces is underdeveloped. But how can Ghost Sites technically be identified WITHOUT visiting them) The problem is by visiting you get infected.

Is there an approach of iron proof testing a Ghost Site for malicious before visiting? To run a browser in a sandbox and on a hypervizor would be after the test.

Please help us. Thank you!

 
Posted : 23/06/2017 12:40 pm
MDCR
 MDCR
(@mdcr)
Posts: 376
Reputable Member
 

Virtual machines should work fine, unless the malicious code identifies that it is running in a VM and shuts down. Old boxes could be useful for this with a ghost image for easy "revert to snapshot" capabilitty, that way it is running on genuine hardware and wont trigger a VM trap. It's more common to run stuff in virtual machines so this is probably less relevant in the future.

You could also use a regular reputation service or a list with bad domains and do comparisons. A passive IDS could probably also identify different exploitation types.

I'd use a custom browser with scripting disabled, then do probes using code and check the retrieved document for script includes and ActiveX / HTML5 bugs, but that requires programming skills.

 
Posted : 23/06/2017 9:33 pm
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
Topic starter
 

Thank you for your help!

 
Posted : 23/06/2017 10:01 pm
Share: