Breaking Honeypots for Fun and Profit

Presented at 32C3 (2015), Dec. 30, 2015, 4 p.m. (60 minutes)

We will detect, bypass, and abuse honeypot technologies and solutions, turning them against the defender. We will also release a global map of honeypot deployments, honeypot detection vulnerabilities, and supporting code.

The concept of a honeypot is strong, but the way honeypots are implemented is inherently weak, enabling an attacker to easily detect and bypass them, as well as make use of them for his own purposes. Our methods are analyzing the network protocol completeness and operating system software implementation completeness, and vulnerable code.

As a case study, we will concentrate on platforms deployed in real organizational networks, mapping them globally, and demonstrating how it is possible to both bypass and use these honeypots to the attacker's advantage.


Presenters:

  • Itamar Sher
  • Gadi Evron
    Gadi is CEO and founder of Cymmetria, a cyber security startup, Chairman of the Board of the Israeli CERT and Founding Chairman of the Cyber Threat Intelligence Alliance. Formerly Gadi was VP at Kaspersky, and helped coordinate global incident response and information sharing. He is widely recognized for his work in internet security operations and global incident response, considered the first botnet expert. He specializes in corporate security, cyber intelligence and cyber crime. He was previously VP of Cybersecurity Strategy for Kaspersky Lab and led PwC's Cyber Security Center of Excellence, located in Israel. Prior to that Gadi was CISO for the Israeli government Internet operation, founder of the Israeli Government CERT and is a research fellow at the Yuval Ne`eman Workshop for Science, Technology and Security, at Tel Aviv University, working on cyber warfare projects. Gadi authored two books on information security, organizes global professional working groups, chairs worldwide conferences, and is a frequent lecturer.
  • Dean Sysman as DeanSysman
    Dean Sysman is CTO of Cymmetria, an Israeli stealth cyber security start-up. A unit 8200 veteran, Dean started his military intelligence career first as a low-level security researcher, later on promoted to the rank of Captain to lead high level security research, earning multiple awards for his service. Already when he was 15, he won first place in the prestigious Robotics Olympiad, and by the age of 19 earned his B.Sc. in computer sciences. Before joining Cymmetria, Dean was involved in the development of cross platform translation compiler for embedded processors.

Links:

Similar Presentations: