Submersion Therapy - Honeypots for Active Defense
Offered By: YouTube
Course Description
Overview
Syllabus
Intro
Traditional Defensive Concepts
InfoSec Realities There is no magic security product that will protect you or your company. Period.
What is 'Active Defense
Why Internal Honeypots?
Honeypot Use Cases
First things first... Honeypots and Active Defense come after baseline security controls are in place.
Types of Honeypots
Windows PowerShell Honeyports
Artillery Logging • Port Scanning and/or illegitimate Service Access
Artillery Logging Bonus! • File Integrity Monitoring
WordPot
Honeybadger
Kippo Python script which simulates an SSH service that is highly customizable, portable, and adaptable.
Analysis Tools • LogRhythm Network Monitor and SIEM Suricata IDS
Routers and Switches
High Interaction Warning! • Deploying real systems / devices / services is dangerous and requires dedicated monitoring
Honey Tokens • Use file integrity monitoring to track all interactions with files/folders/etc of interest. Great for network shares.
Document Bugging
Document Tracking Issues If the document is opened up offline it will divulge information about the tracking service.
More Tricks
ASCII Art Distraction
Monitoring • Dedicated SOC - Security Operations Center
Event Correlation
Automating Response
Works Cited & Recommended Reading Strand, Jahn, and Asadoorian, Paul Offensive Countermeasures: The Art of Active Defense, 2013, Murdoch, D. W. Blue Team Handbook: Incident Response Edition: A Condensed Field Guide for the Cyber Security Incident Responder. United States: CreateSpace Independent. 2014
Related Courses
Breaking the Teeth of Bluetooth PadlocksYouTube Closing Keynote Lectures or Life Experiences Awareness Training that Works
YouTube Do You Want Educated Users Because This is How You Get Educated Users
YouTube Don't Blame That Checklist for Your Crappy Security Program
YouTube Managing Your MSSP
YouTube