[Dshield] Classic hacks
joem at nist.gov
Mon Jan 26 17:15:10 GMT 2004
At 11:29 AM 1/26/2004, Pete Cap wrote:
>For the purposes of studying / explaining forensics and network traffic
>analysis (tcpdump, snort, etc.) it would be great if anyone had any
>complete records of common compromises (real or laboratory-generated).
>Anyone know where I could find such a resource?
>It would be great to point and say "*Here* he caused a buffer
>overrun...*this* is the code which was executed...*this* is what it
>did...now *here* you can see him setting up a user account..." etc.
Honeynet.org does have an archive of their forensic challenges that may
have what you are looking for.