YoVDO

Submersion Therapy - Honeypots for Active Defense

Offered By: YouTube

Tags

Conference Talks Courses Cybersecurity Courses Network Security Courses Incident Response Courses Honeypots Courses Active Defense Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore active defense strategies and honeypot techniques in this 52-minute conference talk from GrrCON 2015. Delve into the realities of InfoSec, understanding that no single security product offers complete protection. Learn about various types of honeypots, including Windows PowerShell Honeyports, Artillery Logging, WordPot, Honeybadger, and Kippo. Discover how to implement and analyze these tools using LogRhythm Network Monitor, SIEM, and Suricata IDS. Gain insights on high-interaction honeypots, honey tokens, and document bugging techniques. Understand the importance of dedicated monitoring, event correlation, and automated response in a Security Operations Center. Acquire knowledge on ASCII art distraction and other tricks for enhancing your active defense capabilities.

Syllabus

Intro
Traditional Defensive Concepts
InfoSec Realities There is no magic security product that will protect you or your company. Period.
What is 'Active Defense
Why Internal Honeypots?
Honeypot Use Cases
First things first... Honeypots and Active Defense come after baseline security controls are in place.
Types of Honeypots
Windows PowerShell Honeyports
Artillery Logging • Port Scanning and/or illegitimate Service Access
Artillery Logging Bonus! • File Integrity Monitoring
WordPot
Honeybadger
Kippo Python script which simulates an SSH service that is highly customizable, portable, and adaptable.
Analysis Tools • LogRhythm Network Monitor and SIEM Suricata IDS
Routers and Switches
High Interaction Warning! • Deploying real systems / devices / services is dangerous and requires dedicated monitoring
Honey Tokens • Use file integrity monitoring to track all interactions with files/folders/etc of interest. Great for network shares.
Document Bugging
Document Tracking Issues If the document is opened up offline it will divulge information about the tracking service.
More Tricks
ASCII Art Distraction
Monitoring • Dedicated SOC - Security Operations Center
Event Correlation
Automating Response
Works Cited & Recommended Reading Strand, Jahn, and Asadoorian, Paul Offensive Countermeasures: The Art of Active Defense, 2013, Murdoch, D. W. Blue Team Handbook: Incident Response Edition: A Condensed Field Guide for the Cyber Security Incident Responder. United States: CreateSpace Independent. 2014


Related Courses

Breaking the Teeth of Bluetooth Padlocks
YouTube
Closing Keynote Lectures or Life Experiences Awareness Training that Works
YouTube
Do You Want Educated Users Because This is How You Get Educated Users
YouTube
Don't Blame That Checklist for Your Crappy Security Program
YouTube
Managing Your MSSP
YouTube