Event Correlation
Submersion Therapy - Honeypots for Active Defense
- 1 Intro
- 2 Traditional Defensive Concepts
- 3 InfoSec Realities: There is no magic security product that will protect you or your company. Period.
- 4 What is 'Active Defense'?
- 5 Why Internal Honeypots?
- 6 Honeypot Use Cases
- 7 First things first... Honeypots and Active Defense come after baseline security controls are in place.
- 8 Types of Honeypots
- 9 Windows PowerShell Honeyports
- 10 Artillery Logging • Port Scanning and/or illegitimate Service Access
- 11 Artillery Logging Bonus! • File Integrity Monitoring
- 12 WordPot
- 13 Honeybadger
- 14 Kippo: Python script that simulates an SSH service; highly customizable, portable, and adaptable.
- 15 Analysis Tools • LogRhythm Network Monitor and SIEM, Suricata IDS
- 16 Routers and Switches
- 17 High Interaction Warning! • Deploying real systems / devices / services is dangerous and requires dedicated monitoring
- 18 Honey Tokens • Use file integrity monitoring to track all interactions with files/folders/etc of interest. Great for network shares.
- 19 Document Bugging
- 20 Document Tracking Issues: If the document is opened offline, it will divulge information about the tracking service.
- 21 More Tricks
- 22 ASCII Art Distraction
- 23 Monitoring • Dedicated SOC - Security Operations Center
- 24 Event Correlation
- 25 Automating Response
- 26 Works Cited & Recommended Reading: Strand, John, and Asadoorian, Paul, Offensive Countermeasures: The Art of Active Defense, 2013; Murdoch, D. W., Blue Team Handbook: Incident Response Edition: A Conden…