Wednesday, 14 August 2013

Project Artillery


Project Artillery is an advanced active response tool for detecting attackers before they have the chance to hit the rest of your network. Project Artillery is an open-source Python-driven tool written purely in native Python. The purpose of Artillery is to provide a combination of a honeypot, file-system monitoring, system hardening, real-time threat intelligence feeds, and overall health of a server to create a comprehensive way to secure a system. Project Artillery was written to be an addition to security on a server and make it very difficult for attackers to penetrate a system. The concept is simple. Project Artillery will monitor the filesystem looking for any type of change, if one is detected, an email is sent to the server owner. If SSH brute force attacks are detected, notifications will be sent to the server owner, as well as ban the offending IP address.

Project Artillery has a built in threat intelligence feed that automatically blocks attackers known from other sensors deployed around the globe. The “Artillery Threat Intelligence Feed” (ATIF) is a number of TrustedSec owned servers strategically deployed around the globe and feeding real-time intelligence back to your Artillery installations. This allows you to be on a defensive ground for already known attackers prior to them ever hitting you. When Artillery is deployed, it contacts TrustedSec’s central intelligence feed to pull multiple Artillery sensors located around the globe into a realtime alerting system of attacker IP addresses. The Artillery systems you install will continuously pull the feeds in realtime and have coverage from attacker addresses prior to them hitting you.

One of the most effective features is the honeypot aspects of Artillery. Artillery will open a series of pre-defined ports that are commonly attacked. For example 135/445 (RPC/SMB), 1433 (MSSQL), 5900 (VNC), and many others. If an attacker attempts to port scan or connect to these ports, a random sequence of random data is sent back to the attacker to look as a strange protocol then bans the offending attacker. Using this method on the Internet yielded over 973 blocked offenders within leveraging it in a weeks timeframe

To download Project Artillery, you must utilize github and issue the following command: