Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Submersion Therapy - Honeypots for Active Defense

via YouTube

Overview

Explore active defense strategies and honeypot techniques in this 52-minute conference talk from GrrCON 2015. Delve into the realities of InfoSec, understanding that no single security product offers complete protection. Learn about various types of honeypots, including Windows PowerShell Honeyports, Artillery Logging, WordPot, Honeybadger, and Kippo. Discover how to implement and analyze these tools using LogRhythm Network Monitor, SIEM, and Suricata IDS. Gain insights on high-interaction honeypots, honey tokens, and document bugging techniques. Understand the importance of dedicated monitoring, event correlation, and automated response in a Security Operations Center. Acquire knowledge on ASCII art distraction and other tricks for enhancing your active defense capabilities.

Syllabus

Intro
Traditional Defensive Concepts
InfoSec Realities There is no magic security product that will protect you or your company. Period.
What is 'Active Defense
Why Internal Honeypots?
Honeypot Use Cases
First things first... Honeypots and Active Defense come after baseline security controls are in place.
Types of Honeypots
Windows PowerShell Honeyports
Artillery Logging • Port Scanning and/or illegitimate Service Access
Artillery Logging Bonus! • File Integrity Monitoring
WordPot
Honeybadger
Kippo Python script which simulates an SSH service that is highly customizable, portable, and adaptable.
Analysis Tools • LogRhythm Network Monitor and SIEM Suricata IDS
Routers and Switches
High Interaction Warning! • Deploying real systems / devices / services is dangerous and requires dedicated monitoring
Honey Tokens • Use file integrity monitoring to track all interactions with files/folders/etc of interest. Great for network shares.
Document Bugging
Document Tracking Issues If the document is opened up offline it will divulge information about the tracking service.
More Tricks
ASCII Art Distraction
Monitoring • Dedicated SOC - Security Operations Center
Event Correlation
Automating Response
Works Cited & Recommended Reading Strand, Jahn, and Asadoorian, Paul Offensive Countermeasures: The Art of Active Defense, 2013, Murdoch, D. W. Blue Team Handbook: Incident Response Edition: A Condensed Field Guide for the Cyber Security Incident Responder. United States: CreateSpace Independent. 2014

Reviews

Start your review of Submersion Therapy - Honeypots for Active Defense

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.