Bring Back the Honeypots...

Presented at Black Hat USA 2015, Aug. 5, 2015, 10:20 a.m. (50 minutes)

Honeypots were all the rage in the 90's - A raft of tools (and even a world-wide alliance) sprung up extolling their virtues but they never managed to live up to their hype. They were largely relegated to researchers and tinkerers on the fringes. At the same time, we have the Verizon DBIR telling us that most companies are first informed by 3rd parties that they are breached. This is a stupid situation to be in. Well deployed honeypots can be invaluable tools in the defenders arsenal, and don't need to look anything like the honeypots of old. From application layer man-traps, to booby-trapped documents. From network-level deception, to cloud based honeypottery, we are bringing honeypots back! During this talk, we will discuss and demonstrate the current state of the art regarding honeypots. We will explore the factors that limit adoption (and will discuss how to overcome them.) We will demonstrate new techniques to make your honeypots more "hacker-discoverable" & will share data from running actual honeypots in real organizations. We will also discuss (and release) OpenCanary, our new open source honeypot (along with supporting scripts and utilities). Over the past few years, honeypots have gotten a bit of a bad rap. We will give you tools, techniques and takeaways, to move them from geeky time-wasters, to the most useful pieces of kit you will deploy.

Presenters:

• Marco Slaviero - Thinkst
  Marco Slaviero is the lead researcher at Thinkst. Marco has presented research at conferences all over the world on topics ranging from timing attacks to python shellcode. He is rumoured to harbor a personal dislike for figs.
• Haroon Meer - Thinkst
  Haroon Meer is the founder of Thinkst, an applied research company with a deep focus on information security. Haroon has contributed to several books on information security and has published a number of papers on various topics related to the field. Over the past decade (and a half) he has delivered research, talks, and keynotes at conferences around the world.

Links:

• https://www.blackhat.com/us-15/briefings.html#bring-back-the-honeypots
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2015/video/Black Hat USA 2015 - Bring Back The Honeypots.srt (subtitles)
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2015/video/Black Hat USA 2015 - Bring Back The Honeypots.mp4
• https://www.youtube.com/watch?v=W7U2u-qLAB8

Similar Presentations:

• BSidesLV 2015 / You Hack, We Capture: Attack Analysis with Honeypots
• Diana Initiative 2020 Virtual / IoT Honeypots and Rogue Appliances
• BSidesLV 2014 / You Hack, We Capture: Attack Analysis with Honeypots