Building a Better Honeypot Network

Presented at DeepSec 2015 „DeepSec No. 9“, Nov. 19, 2015, 2 p.m. (50 minutes)

Honeypots and honeypot networks help security researchers to get a good look at different attacker techniques across a variety of systems. This information can be used to better protect our systems and networks, but it takes a lot of work to sift through the data. Installing a network of honeypots to provide useful information should be an easy task, but there just isn't much to tie everything together in a useful manner. In this presentation, I will demonstrate how I modify and use existing honeypot frameworks and applications with personal tools and techniques to process attack-related data, to automate analysis and create actionable intelligence. All the code and instructions I use will be made available for others to work with.

Presenters:

• Josh Pyorre - OpenDNS
  Josh is a security analyst with OpenDNS. Previously, he worked as a threat analyst with NASA, where he was part of the team to initially help build out the Security Operations Center. He has also done some time at Mandiant. His professional interests involve network, computer and data security with a goal of maintaining and improving the security of as many systems and networks as possible. Josh rides motorcycles, likes minimalist camping and makes dark electronic music. Josh has presented at Defcon, various B Sides across the US and Source Boston.

Links:

• https://deepsec.net/archive/2015.deepsec.net/speaker.html#PSLOT200
• https://infocon.org/cons/DeepSec/DeepSec 2015/Building a Better Honeypot Network - Josh Pyorre.mp4
• https://infocon.org/cons/DeepSec/DeepSec 2015/Building a Better Honeypot Network - Josh Pyorre.srt (subtitles)

Similar Presentations:

• Black Hat USA 2015 / Breaking Honeypots for Fun and Profit
• CarolinaCon 13 (2017) / HoneyPy & HoneyDB
• BSidesSF 2016 / Breaking Honeypots for Fun and Profit