Rahul (c0dist) currently works as a Principal Threat Researcher at a threat intelligence firm, with a keen interest in information security, automation, human behaviour and everything else related to computers. He specialises in Python/Bash automation for tasks such as pentesting, IOC/OSINT collection, honeypot deployment, web scraping, threat intelligence collection and API integration. Rahul previously interned with The Honeynet Project under the Google Summer of Code program. He has co-authored or contributed to multiple open-source security projects, including the SHIVA spam honeypot, the Detux Linux sandbox, Android Tamer and HoneySpot. Last year, Rahul presented at the c0c0n X conference on the topic of "How to setup honeypots that work". In his free time, Rahul likes to play CTFs (Top 30 finalist in Nullcon's HackIM CTF) and find flaws in things (CVE-2016-8856, Foxit Reader LPE).
Talk Title: Active Defense using Honeypots
Abstract: People have been using honeypots to understand adversary techniques for a long time. Recently, however, their popularity has declined because of the baggage that comes with deploying them. Setting up a honeypot might be easy, but consuming the data it produces and maintaining it is a difficult job. There are many aspects to building a good honeypot network (honeynet) and leveraging it to provide actionable intelligence.
In this workshop, our end goal is to provide responders with actionable information that helps them one-up their defence game. We plan to cover how attendees can set up multiple honeypot sensors and manage them. We will then discuss the pitfalls and issues people face while deploying and using honeypots. Once we have presented solutions to these problems, we will move on to how to consume the data. We will also cover the Elasticsearch-Logstash-Kibana (ELK) stack for indexing, parsing and consuming the information. We believe that at the end of the workshop, attendees will be better equipped with the knowledge to set up robust honeypot networks (honeynets) and use them for active defence.
Prerequisites: Attendees should bring a Windows/Linux/Mac laptop with admin rights, virtualisation capability and WiFi for downloading the required software and libraries.