Play all

Intro

Traditional Defensive Concepts

InfoSec Realities There is no magic security product that will protect you or your company. Period.

What is 'Active Defense

Why Internal Honeypots?

Honeypot Use Cases

First things first... Honeypots and Active Defense come after baseline security controls are in place.

Types of Honeypots

Windows PowerShell Honeyports

Artillery Logging • Port Scanning and/or illegitimate Service Access

Artillery Logging Bonus! • File Integrity Monitoring

WordPot

Honeybadger

Kippo Python script which simulates an SSH service that is highly customizable, portable, and adaptable.

Analysis Tools • LogRhythm Network Monitor and SIEM Suricata IDS

Routers and Switches

High Interaction Warning! • Deploying real systems / devices / services is dangerous and requires dedicated monitoring

Honey Tokens • Use file integrity monitoring to track all interactions with files/folders/etc of interest. Great for network shares.

Document Bugging

Document Tracking Issues If the document is opened up offline it will divulge information about the tracking service.

More Tricks

ASCII Art Distraction

Monitoring • Dedicated SOC - Security Operations Center

Event Correlation

Automating Response

Works Cited & Recommended Reading Strand, Jahn, and Asadoorian, Paul Offensive Countermeasures: The Art of Active Defense, 2013, Murdoch, D. W. Blue Team Handbook: Incident Response Edition: A Conden…

Description:

Explore active defense strategies and honeypot techniques in this 52-minute conference talk from GrrCON 2015. Delve into the realities of InfoSec, understanding that no single security product offers complete protection. Learn about various types of honeypots, including Windows PowerShell Honeyports, Artillery Logging, WordPot, Honeybadger, and Kippo. Discover how to implement and analyze these tools using LogRhythm Network Monitor, SIEM, and Suricata IDS. Gain insights on high-interaction honeypots, honey tokens, and document bugging techniques. Understand the importance of dedicated monitoring, event correlation, and automated response in a Security Operations Center. Acquire knowledge on ASCII art distraction and other tricks for enhancing your active defense capabilities.

Submersion Therapy - Honeypots for Active Defense

Add to list

#Conference Talks #Information Security (InfoSec) #Cybersecurity #Network Security #Incident Response #Honeypots #Active Defense

0:00 / 0:00