Breaking Honeypots for Fun and Profit

Presented at Black Hat USA 2015, Aug. 6, 2015, 12:10 p.m. (50 minutes).

We will detect, bypass, and abuse honeypot technologies and solutions, turning them against the defender. We will also release a global map of honeypot deployments, honeypot detection vulnerabilities, and supporting code.

The concept of a honeypot is strong, but the way honeypots are implemented is inherently weak, enabling an attacker to easily detect and bypass them, as well as make use of them for his own purposes. Our methods analyze network protocol completeness, operating system software implementation completeness, and vulnerable code.

As a case study, we will concentrate on platforms deployed in real organizational networks, mapping them globally, and demonstrating how it is possible to both bypass and use these honeypots to the attacker's advantage.


Presenters:

  • Dean Sysman - Cymmetria
    Dean Sysman is CTO of Cymmetria, an Israeli stealth cyber security start-up. A Unit 8200 veteran, Dean started his military intelligence career as a low-level security researcher and was later promoted to the rank of Captain to lead high-level security research, earning multiple awards for his service. At the age of 15 he won first place in the prestigious Robotics Olympiad, and by the age of 19 he had earned his B.Sc. in computer science. Before joining Cymmetria, Dean was involved in the development of a cross-platform translation compiler for embedded processors.
  • Gadi Evron - Cymmetria
    Gadi is CEO and founder of Cymmetria, a cyber security startup, Chairman of the Board of the Israeli CERT and Founding Chairman of the Cyber Threat Intelligence Alliance. He is widely recognized for his work in internet security operations and global incident response, and is considered the first botnet expert. He was previously VP of Cybersecurity Strategy for Kaspersky Lab and led PwC's Cyber Security Center of Excellence, located in Israel. Prior to that, Gadi was CISO for the Israeli government Internet operation and founder of the Israeli Government CERT. He is a research fellow at the Yuval Ne'eman Workshop for Science, Technology and Security at Tel Aviv University, working on cyber warfare projects. Gadi has authored two books on information security, organizes global professional working groups, chairs worldwide conferences, and is a frequent lecturer.
  • Itamar Sher - Cymmetria
    Itamar Sher is a senior developer for Cymmetria, an Israeli stealth cyber security start-up. He served for 5 years in 8200, the Israeli elite intelligence unit, as a low-level researcher. During his years in the army he won several awards for different projects and several personal awards for technological excellence. Itamar has been reverse engineering since middle school and has reversed many embedded devices, from his old Symbian phone to mainframe switches. In his spare time he researches identity theft.
