[Dshield] Classic hacks

Joe Matusiewicz joem at nist.gov
Mon Jan 26 17:15:10 GMT 2004

At 11:29 AM 1/26/2004, Pete Cap wrote:
>Greetings all,
>For the purposes of studying / explaining forensics and network traffic 
>analysis (tcpdump, snort, etc.) it would be great if anyone had any 
>complete records of common compromises (real or laboratory-generated).
>Anyone know where I could find such a resource?
>It would be great to point and say "*Here* he caused a buffer 
>overrun...*this* is the code which was exectuted...*this* is what it 
>did...now *here* you can see him setting up a user account..." etc.

Honeynet.org does have an archive of their forensic challenges that may 
have what you are looking for.


-- Joe

More information about the list mailing list