Golang, Web Application Security

Listening to Web Attacks Remixed!

Phillip Maddux

Your friendly neighborhood AppSec advisor and honeypot enthusiast. Formerly @ Goldman Sachs and Ernst & Young. Find his thoughts in code form committed to Github.

Early last year I published a fun tool called sigsci-sounds for users of Signal Sciences — my prior blog post can be read here. Sigsci-sounds monitors attack and anomaly data and will play a sound for each type of attack or anomaly. Rather than trolling logs or staring at dashboards, let your web application tell you when it’s being attacked. In this post, I want to let you know about several improvements to sigsci-sounds.

spencer-imbrock-487035-unsplash-369138-edited

Photo by Spencer Imbrock on Unsplash

The Remix Specifics

First off, you can find sigsci-sounds on Github here.  Written in Go, sigsci-sounds was one of my first projects to start learning Go — and also why it was in dire need of improvements! Here is the list:

  • Local OS sound files are no longer required for the default configuration: the repo now includes numerous sound files.
  • Themes! It now comes with several themes to choose from — more details below. You can easily create your own themes too. More details on that in the Readme file here.
  • Go-sigsci: it now leverages the official Go client library for the Signal Sciences API. This library can be found on Github here.

Bundled Themes

USS_Enterprise_fires_photon_torpedo

photo source

This is the fun part. Imagine being alerted to SQL injection attacks with the sound of a photon torpedo firing! Or Eric Cartman from South Park yelling at you so you’re aware something is happening that you probably should take a look at. Here is the current list of bundled themes:

  • A-Team
  • Batman (Holy mashed potatoes! lol)
  • Lost in Space
  • Mac OS X (default theme)
  • Microsoft Windows
  • South Park
  • Space Ghost
  • Star Trek TOS

I have to admit, one of my favorites is Space Ghost yelling “Nooooo” for about 30 seconds.

Space_Ghost

photo source

Conclusion

While you can have a lot of fun with themes, this really can be an effective way to monitor security events. Most likely you have a busy schedule and don’t always have time to periodically review dashboard data. With sigsci-sounds running in the background throughout your day, it will tell you about the security events you care about the most.