YouTube videos curated by Class Central.
Classroom Contents
Submersion Therapy - Honeypots for Active Defense
- 1 Intro
- 2 Traditional Defensive Concepts
- 3 InfoSec Realities There is no magic security product that will protect you or your company. Period.
- 4 What is 'Active Defense'
- 5 Why Internal Honeypots?
- 6 Honeypot Use Cases
- 7 First things first... Honeypots and Active Defense come after baseline security controls are in place.
- 8 Types of Honeypots
- 9 Windows PowerShell Honeyports
- 10 Artillery Logging • Port Scanning and/or illegitimate Service Access
- 11 Artillery Logging Bonus! • File Integrity Monitoring
- 12 WordPot
- 13 Honeybadger
- 14 Kippo Python script which simulates an SSH service that is highly customizable, portable, and adaptable.
- 15 Analysis Tools • LogRhythm Network Monitor and SIEM Suricata IDS
- 16 Routers and Switches
- 17 High Interaction Warning! • Deploying real systems / devices / services is dangerous and requires dedicated monitoring
- 18 Honey Tokens • Use file integrity monitoring to track all interactions with files/folders/etc of interest. Great for network shares.
- 19 Document Bugging
- 20 Document Tracking Issues If the document is opened up offline it will divulge information about the tracking service.
- 21 More Tricks
- 22 ASCII Art Distraction
- 23 Monitoring • Dedicated SOC - Security Operations Center
- 24 Event Correlation
- 25 Automating Response
- 26 Works Cited & Recommended Reading Strand, John, and Asadoorian, Paul. Offensive Countermeasures: The Art of Active Defense, 2013. Murdoch, D. W. Blue Team Handbook: Incident Response Edition: A Conden…