Fooling Nmap and Metasploit: Cyber Deception on Production Systems

Presented at ShellCon 2020 Virtual, Oct. 10, 2020, 4 p.m. (55 minutes).

Given enough time and resources, advanced adversaries will bypass modern intrusion detection solutions. SIEMs are often configured to gather as much information as possible from an environment, and the value of the resulting alerts and responses then depends on driving down the number of false positives. The goal of The Aerospace Corporation was to conduct an experiment in achieving higher-fidelity true positive alerts by applying cyber deception concepts. Our research concluded that, through a mix of low- and medium-interaction honeypots deployed on a production system, it is possible to gather not only true positive alerts but also threat intelligence on adversaries.

The talk will cover a brief overview of current FOSS deception solutions and will pivot to the research showcasing our own FOSS cyber deception experiment that detects and monitors cyber adversaries.
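The abstract's core idea is that a decoy service on a production host has no legitimate clients, so every connection it receives is a true positive by construction, and what the client sends is threat intelligence. The following is an added illustration of that idea in code; it is not the Aerospace experiment's code or any tool from the talk. It assumes a single fake TCP service with a constructed banner, a small heuristic classifier for what the client sent, and a JSON alert record per connection; the banner string, field names and classification labels are all assumptions.

```python
"""Minimal low-interaction TCP honeypot: fake banner, one alert per touch (added example)."""
import json
import socket
import threading
import time

# Constructed decoy banner; a real deployment would mimic whatever the host is pretending to run.
FAKE_BANNER = b"SSH-2.0-OpenSSH_7.4\r\n"


def classify_probe(payload: bytes) -> str:
    """Rough heuristic label for the client's first bytes (labels are constructed here)."""
    if not payload:
        return "connect-only"          # bare connect/close, typical of a port scan
    if payload.startswith(b"SSH-"):
        return "ssh-client-hello"      # a client that believed the banner
    if payload.split(b" ", 1)[0] in (b"GET", b"HEAD", b"POST", b"OPTIONS"):
        return "http-request"          # wrong protocol for the port: automated probing
    return "unknown-data"


def build_alert(peer, payload: bytes, listen_port: int, now=None) -> dict:
    """Alert record for one connection. Nothing legitimate talks to a decoy port,
    so severity is fixed high: this is the 'high-fidelity true positive' property."""
    return {
        "ts": now if now is not None else time.time(),
        "src_ip": peer[0],
        "src_port": peer[1],
        "dst_port": listen_port,
        "probe_type": classify_probe(payload),
        "payload_hex": payload[:64].hex(),   # keep a bounded sample as threat intel
        "severity": "high",
    }


def format_alert(alert: dict) -> str:
    """One JSON line per alert, ready to ship to a SIEM or log collector."""
    return json.dumps(alert, sort_keys=True)


class Honeypot:
    """Accepts connections, sends the decoy banner, records what comes back."""

    def __init__(self, host="127.0.0.1", port=0, sink=None):
        self.sink = sink if sink is not None else []   # alert records land here
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]        # port 0 lets the OS pick one
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            try:
                conn, peer = self.sock.accept()
            except OSError:                            # socket closed, stop serving
                return
            threading.Thread(target=self._handle, args=(conn, peer), daemon=True).start()

    def _handle(self, conn, peer):
        with conn:
            conn.sendall(FAKE_BANNER)
            conn.settimeout(1.0)
            try:
                data = conn.recv(1024)                 # empty bytes if the peer just closed
            except (socket.timeout, OSError):
                data = b""
            self.sink.append(build_alert(peer, data, self.port))

    def close(self):
        self.sock.close()


def probe(port: int, send: bytes = b"") -> bytes:
    """Simulated client standing in for a scanner: read the banner, optionally send data."""
    with socket.create_connection(("127.0.0.1", port), timeout=2) as s:
        banner = s.recv(64)
        if send:
            s.sendall(send)
        return banner


if __name__ == "__main__":
    hp = Honeypot()
    probe(hp.port)                                     # connect-only, like a scan
    probe(hp.port, b"GET / HTTP/1.0\r\n\r\n")          # wrong-protocol probe
    deadline = time.time() + 3
    while len(hp.sink) < 2 and time.time() < deadline:
        time.sleep(0.05)
    for alert in hp.sink:
        print(format_alert(alert))
    hp.close()
```

The point of the example is the alert contract, not the listener: because the decoy has no legitimate users, the record carries no false-positive budget, and the captured first bytes are the beginning of adversary attribution. A medium-interaction variant would keep the conversation going past the banner; this one deliberately stops after the first read.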


Presenters:

  • Henry Reed
    Henry Reed is a senior at California State University, Northridge and an intern in the Cyber Defense Solutions Department at The Aerospace Corporation. Reed obtained the Security+, RHCSA, and GPEN certifications, extensively researched both offensive and defensive cyber operations (managing to get yelled at by Aerospace's IT in the process), worked directly with customers on software assessments and evaluation, and authored one of the CTF challenges at the 2019 Malware Technical Exchange Meeting. In his free time, Reed pops Hack the Box machines, attends every free cyber class he can find, and copes with the lack of sleep with dangerous amounts of caffeine.
