by Retr0id 726 days ago
People writing malware generally don't want to deploy it on honeypots, because then they're handing their payload (and other tradecraft) directly to analysts.

So often the first stage is an attempt at honeypot detection, or more broadly, device fingerprinting.

A bad honeypot might not even run a real /bin/sh, and this detects that right off the bat.

1 comments

That makes a lot more sense than "it obscures the obscure thing it does to obscure itself".