Honeypots for Active Defense

Explore active defense strategies and honeypot techniques in this comprehensive conference talk from Derbycon 2015. Delve into traditional defensive concepts, security engineering, and various use cases for honeypots. Learn about different honeypot types, including Linux and PowerShell examples, as well as public-facing options like Wordpot and PHPMyAdmin. Discover medium-interaction tools such as Capo and Kippo, and explore advanced techniques like router manhunting and wire transfers. Gain insights into monitoring, security tools, threat intelligence, and event correlation. Examine dynamic honeypots, rapid response tools, and the Modern Honey Network. Analyze data collection methods, including top user names, file access, and user agent strings. Conclude with recommended reading and a Q&A session to enhance your understanding of active defense and honeypot implementation.

Intro
Traditional Defensive Concepts
Theres Always a Way
Its Not Just APTs
What is Active Defense
Security Engineering
Use Cases
Honey Dr3
ADHD
Warning banners
Honeypot types
Linux example
PowerShell example
Artillery Supply
Artillery Logs
File Integrity Monitoring
Publicfacing Honeypots
Wordpot
PHPMyAdmin
Fake Application
Honey Badger
Example
Medium Interaction
Capo
Kippo
Github
Tools
Router Manhunter
Warnings
Audio Issues
Windows Box
Wire Transfer
Zip Bombs
NetCat
Monitoring
Security Tools
Thread Intelligence
Event Correlation
Dynamic Honeypots
Rapid Response Tools
PowerShell Recon
ippograph
Modern Honey Network
Data Collection
Top User Names
File Access
User Agent Strings
payloads
directionality
dashboard
recommended reading
questions