How to Make a Honeypot Stickier - SSH

Learn how to enhance SSH honeypot effectiveness in this conference talk from GrrCON 2019. Explore data challenges, honeypot fundamentals, and configuration techniques to create stickier traps for potential attackers. Discover strategies for analyzing collected data, including rare file detection and integration with VirusTotal and GreyNoise. Gain insights into the hunting process, lessons learned, and practical implementation tips. Includes a live demonstration and Q&A session to deepen understanding of advanced honeypot deployment and management.

Introduction
Global Killer App
Agenda
Data Challenges
Why Honeypot
What is Honeypot
Before and After
Before
Gray Noise
Attack
Configuration
User Database
File System Layout
Commands
Breaking Down the Data
Rare Files
Virus Total
Grey Noise
Proof of Concept
Hunting Process
What We Learned
Clap
Chisel
Post Tense
Slack Alerts
Demo
Lessons Learned
Getting Started
Any Questions