You Hack, We Capture: Attack Analysis with Honeypots

Presented at BSidesLV 2015, Aug. 5, 2015, 8:30 a.m. (235 minutes).

Honeypots are systems designed to deceive malicious users or software that launch attacks against an organization's infrastructure. They can be deployed as protection mechanisms for an organization's real systems, or as research units to analyze the methods employed by human attackers or malware. In this workshop we will study the operation of two research honeypots. One honeypot will act as a trap for attackers who target the SSH service. The other will act as a malware collector, the kind usually deployed by malware analysts to gather and store malicious binary samples. We will also talk about post-capture activities and further analysis techniques. Furthermore, visualization tools and techniques will be presented, along with a honeypot bundle Linux distribution that contains pre-configured versions of the above tools and many more related utilities, which makes deploying honeypots an easy task.


Presenters:

  • Ioannis Koniaris - Software Engineer (Security Team) - Yelp
    Ioannis is an information security engineer and researcher, working to protect company assets, data and operations. His general interests are programming, security, development operations (DevOps) and cloud computing, while his academic interests include honeypots, honeyclients, botnet tracking, malware analysis, intrusion detection and security visualization. Ioannis has released a number of utilities to aid information security professionals who use honeypots, among them Kippo-Graph, Honeyd-Viz and HoneyDrive, a self-contained honeypot bundle Linux distribution. These tools are used by numerous university researchers and various CERT teams worldwide, and have also been included in the "Proactive detection of security incidents II - Honeypots" report by ENISA (European Union Agency for Network and Information Security). Lastly, Ioannis has presented lengthy workshops at well-known security conventions such as BruCON and BSidesLV.
