honeypot files
-
Ive planted honeypot files over few directories. My code is fire event whenever user click with his mouse anywhere. When the event is fire i want to check weather the user made right click or left click on honeypot file, if he does then i can assum hes unlegitimate user. There is a way to check it?
-
Ive planted honeypot files over few directories. My code is fire event whenever user click with his mouse anywhere. When the event is fire i want to check weather the user made right click or left click on honeypot file, if he does then i can assum hes unlegitimate user. There is a way to check it?
Member 8762977 wrote:
When the event is fire i want to check weather the user made right click or left click on honeypot file, if he does then i can assum hes unlegitimate user
So you told all your workers "not to click" the file, and are hoping to catch a hacker who "does" click it? Why would I click on a file that I'm interested in? I'd zip it, download it, and then I'd look at it. Best way to find the "unauthorized" user is by going trough the connection-logs.
Bastard Programmer from Hell :suss:
-
Ive planted honeypot files over few directories. My code is fire event whenever user click with his mouse anywhere. When the event is fire i want to check weather the user made right click or left click on honeypot file, if he does then i can assum hes unlegitimate user. There is a way to check it?
What happens if a legitimately clicks on one of these files? It could easily happen.
*pre-emptive celebratory nipple tassle jiggle* - Sean Ewington
"Mind bleach! Send me mind bleach!" - Nagy Vilmos
CodeStash - Online Snippet Management | My blog | MoXAML PowerToys | Mole 2010 - debugging made easier
-
Member 8762977 wrote:
When the event is fire i want to check weather the user made right click or left click on honeypot file, if he does then i can assum hes unlegitimate user
So you told all your workers "not to click" the file, and are hoping to catch a hacker who "does" click it? Why would I click on a file that I'm interested in? I'd zip it, download it, and then I'd look at it. Best way to find the "unauthorized" user is by going trough the connection-logs.
Bastard Programmer from Hell :suss:
exactly. the legitimate user know the honeypot files and he'll never select them, the files will named with attractive names like "credit card details"... i don't need that the unlegitimate user will open this file, only one click, if he select the file i want to lock the system, how can i check if honeypot file like: C:\credit_card.txt was selected? BTW this project not suppose to defend against hackers, only against unauthorized user that use my PC or laptop without my acception to extract worth data.
-
What happens if a legitimately clicks on one of these files? It could easily happen.
*pre-emptive celebratory nipple tassle jiggle* - Sean Ewington
"Mind bleach! Send me mind bleach!" - Nagy Vilmos
CodeStash - Online Snippet Management | My blog | MoXAML PowerToys | Mole 2010 - debugging made easier
The legitimate user will know all honeypot files on his system, and if he'll click then it depend on other variables, we build the legitimate user profile and compare it to the current user every interval of time and in additional we planting honeypot files so it's not black and white answer to what happend if he'll click on the honeypot file.
-
exactly. the legitimate user know the honeypot files and he'll never select them, the files will named with attractive names like "credit card details"... i don't need that the unlegitimate user will open this file, only one click, if he select the file i want to lock the system, how can i check if honeypot file like: C:\credit_card.txt was selected? BTW this project not suppose to defend against hackers, only against unauthorized user that use my PC or laptop without my acception to extract worth data.
Member 8762977 wrote:
the legitimate user know the honeypot files and he'll never select them
The "legitimate user" will be the only person ever selecting them. It merely takes a screensaver and a certain point of focus.
Member 8762977 wrote:
the files will named with attractive names like "credit card details"...
Why would I click a file? Most hackers will not be using RDP, there's little to click from a command-line. I will not be looking for "attractive filenames", I'll be going for all that resembles logfiles to hide my arse! Once the attacker is feeling secure, they might download data. Not activate it, but download it. That is, assuming that they're even looking for data, as opposed to uploading a keylogger.
Member 8762977 wrote:
only one click, if he select the file i want to lock the system, how can i check if honeypot file like: C:\credit_card.txt was selected?
Windows does not inform other applications on which files are selected from a random dialog. This would be complex to achieve, without helping much. ..that is, unless you are trying to "secure" an insecure desktop, where multiple people have physical access to the desktop. Is there a by any chance a Post-It note on the monitor with the password? :)
Bastard Programmer from Hell :suss:
-
exactly. the legitimate user know the honeypot files and he'll never select them, the files will named with attractive names like "credit card details"... i don't need that the unlegitimate user will open this file, only one click, if he select the file i want to lock the system, how can i check if honeypot file like: C:\credit_card.txt was selected? BTW this project not suppose to defend against hackers, only against unauthorized user that use my PC or laptop without my acception to extract worth data.
Member 8762977 wrote:
only against unauthorized user that use my PC or laptop without my acception to extract worth data.
What should I be imagining under that? You going to the bathroom without locking your computer or what? Press [Windows key] + [L]. You could create a virtual drive[^] using the Dokan libraries. Acts as a regular drive, but gets its data from a .NET application. Other options might include a Shell-extension that provides a custom tooltip for something with your own file-extension, or try to hook into the system at a deeper level.
Bastard Programmer from Hell :suss:
-
The legitimate user will know all honeypot files on his system, and if he'll click then it depend on other variables, we build the legitimate user profile and compare it to the current user every interval of time and in additional we planting honeypot files so it's not black and white answer to what happend if he'll click on the honeypot file.
Well, if you're trying to do this, you need to be running at a deeper level because trying to do this at a high level means that it can be circumvented. Why write it in C# - effectively you need to be writing something that sits almost at the Kernel level, so you need to use something like C or C++, especially if your users want their systems to still be relatively performant?
*pre-emptive celebratory nipple tassle jiggle* - Sean Ewington
"Mind bleach! Send me mind bleach!" - Nagy Vilmos
CodeStash - Online Snippet Management | My blog | MoXAML PowerToys | Mole 2010 - debugging made easier
-
exactly. the legitimate user know the honeypot files and he'll never select them, the files will named with attractive names like "credit card details"... i don't need that the unlegitimate user will open this file, only one click, if he select the file i want to lock the system, how can i check if honeypot file like: C:\credit_card.txt was selected? BTW this project not suppose to defend against hackers, only against unauthorized user that use my PC or laptop without my acception to extract worth data.
Member 8762977 wrote:
i don't need that the unlegitimate user will open this file, only one click, if he select the file i want to lock the system, how can i check if honeypot file like: C:\credit_card.txt was selected?
BTW this project not suppose to defend against hackers, only against unauthorized user that use my PC or laptop without my acception to extract worth data.I doubt that this is a valid design. Security has two aspects: prevention and detection. If you want to prevent it then you use methods that prevent access in the first place. If you want to detect it then you want to be able to identity the party. So if you want to protect access then you should look into schemes that lock the computer when the legitimate owner is not present - period.
-
Well, if you're trying to do this, you need to be running at a deeper level because trying to do this at a high level means that it can be circumvented. Why write it in C# - effectively you need to be writing something that sits almost at the Kernel level, so you need to use something like C or C++, especially if your users want their systems to still be relatively performant?
*pre-emptive celebratory nipple tassle jiggle* - Sean Ewington
"Mind bleach! Send me mind bleach!" - Nagy Vilmos
CodeStash - Online Snippet Management | My blog | MoXAML PowerToys | Mole 2010 - debugging made easier
Pete O'Hanlon wrote:
users want their systems
If he cared about his users he would not be pissing them off by doing this at all.
Why is common sense not common? Never argue with an idiot. They will drag you down to their level where they are an expert. Sometimes it takes a lot of work to be lazy Please stand in front of my pistol, smile and wait for the flash - JSOP 2012
-
Ive planted honeypot files over few directories. My code is fire event whenever user click with his mouse anywhere. When the event is fire i want to check weather the user made right click or left click on honeypot file, if he does then i can assum hes unlegitimate user. There is a way to check it?
WHAT?! This has got to be the worst hair-brained scheme I've heard of in quite a long time. This isn't going to protect anything at all since you're still leaving the drive in the machine and the data on it unprotected. Also, if someone does get their hands on the machine you can't possibly identify the person using it based on what they click on. Ever heard of BitLocker?? It's free. Install it and you can encrypt the entire hard drive. Now, if someone leaves their machine unlocked, that's on them, not the guy who's not authorized to use it. In most companies I've been at, if you leave your machine unattended and unlocked, that's a terminatable offense.
A guide to posting questions on CodeProject[^]
Dave Kreskowiak -
exactly. the legitimate user know the honeypot files and he'll never select them, the files will named with attractive names like "credit card details"... i don't need that the unlegitimate user will open this file, only one click, if he select the file i want to lock the system, how can i check if honeypot file like: C:\credit_card.txt was selected? BTW this project not suppose to defend against hackers, only against unauthorized user that use my PC or laptop without my acception to extract worth data.
Member 8762977 wrote:
this project not suppose to defend against hackers, only against unauthorized user that use my PC or laptop without my acception to extract worth data.
So how do you protect against non-legitimate users who do not click on any of your honeypot files? By the time your PC gets locked they will already have stolen all the real secret data.
Binding 100,000 items to a list box can be just silly regardless of what pattern you are following. Jeremy Likness
-
Ive planted honeypot files over few directories. My code is fire event whenever user click with his mouse anywhere. When the event is fire i want to check weather the user made right click or left click on honeypot file, if he does then i can assum hes unlegitimate user. There is a way to check it?
-
Pete O'Hanlon wrote:
users want their systems
If he cared about his users he would not be pissing them off by doing this at all.
Why is common sense not common? Never argue with an idiot. They will drag you down to their level where they are an expert. Sometimes it takes a lot of work to be lazy Please stand in front of my pistol, smile and wait for the flash - JSOP 2012
-
Ive planted honeypot files over few directories. My code is fire event whenever user click with his mouse anywhere. When the event is fire i want to check weather the user made right click or left click on honeypot file, if he does then i can assum hes unlegitimate user. There is a way to check it?
Honeypot files came out of the old days when a) a box was known to be compromised b) the box contained sensitive data (government) c) the logs showed the user had particular interest in certain types of files The files planted would be fakes aimed at providing a spy with false information that would potentially reveal spies within the country. Your concept won't catch anyone at all. If a true hacker saw your box unlocked and wanted to find these 'honeypot' files they'd open a command prompt and use dir /s to locate the files of interest then copy them to a usb disk. How does your scheme cover that?