2021-06-12, 13:00–13:45, Track 2
Honeypots AND live demos all in one place? Yes, why YES I tell you, and this is it! Oh sure, honeypots are not new, but how they are used is what makes this talk just a little bit different. Presented for your viewing pleasure will be customized and specific honeypot configurations, some deployed with k8s (some not) and how they are used to not only catch attacks against your environment but also detect attacks from a compromised device in your infrastructure (you know, lateral movement).
Honeypots are not new, but how they are customized and deployed is what makes this talk a bit different. Presented for your viewing pleasure will be customized and specific honeypot configurations and how they are used to not only catch attacks against your environment but also detect attacks from a compromised device in your infrastructure (you know, that lateral movement thing).
Introduction - who I am and where this idea came from (3 mins)
Introduction to the different types of Honeypots and key issues with planning, architecture and deployment. One of the biggest issues with poor use of honeypots is not about setting them up, but customizing and using them the right way. Now referred to as “deception tech”, honeypots can provide a level of detection and defense against many types of attacks, but when the honeypots are easily detected, they serve no purpose. By customizing and planning deployment methodically and changing the defaults, a real security tool is created. Several examples will be presented with recorded sessions showing how to plan, customize and deploy the right honeypots to the right environments. In this section I will also show how Shodan easily identifies poorly configured honeypots. (12 mins)
Now for the fun! In this next section I will show various types of honeypots used for protection in the wild. The wild will consist of your home network, corp network, and even deployed in DMZs and the cloud. Customization steps will be further showcased as well as steps on combining different types to fully emulate different servers, devices and services. And let's not forget about logging and monitoring. What good is a detection tool that only logs to itself. I'll present opensource solutions for collecting and analyzing data from all the honey-sources. (10 mins)
Summary and Key Takeaways - Here I bring it all to a tidy conclusion by providing key takeaways for the How and the Whys of planning, customization and deployment and what to expect from private and hostile environments. The key point here is that attendees will walk away with real tools and ideas to use right away and not just some theory. This is actually a detailed section reviewing key points of the takeaways, not just a summary slide (10 mins)
Q&A - (5 mins)
5 minutes to spare from a 45 minute session!! Woo Hoo!
Demos will make this fun, with one live and several recorded demos to cap it all off.
1. Different types of honeypots
2. Honeypots and deception tech - not your mother’s honeypot (customizing)
3. Planning stages - this is CRITICAL for successful deployment
4. Setting up collectors/SIEM for analysis
5. CCAD <— now THIS is important
6. Automation of the deployment cycle
7. Real world analysis - reducing false positives to .01% (really really small)
The critical points for this entire presentation will be planning, customizing, building and deploying honeypots in real scenarios and showing how they can protect against rogue appliances.
This is not just a theoretical talk!!
Based in Seattle and a natural creature of winter, you can typically find me sipping Grand Mayan Extra Anejo whilst simultaneously defending my systems using OSS, magic spells and Dancing Flamingos. Honeypots & Refrigerators are a few of my favorite things! Fun Fact: I rescue Feral Pop Tarts and have the only Pop Tart Sanctuary in the Seattle area.