Honeypot 101
Emil Tan, Security+, GLEG, RHCSA/RHCT
Team Lead, Edgis
Research Guide, The Honeynet Project (Singapore Chapter)
The Honeynet Project
The Honeynet Project is a leading international 501c3 non-profit security
research organisation, dedicated to investigating the latest attacks and
developing open source security tools to improve Internet security.
Founded in 1999, The Honeynet Project has contributed to the fight against
malware and malicious hacking attacks, and counts leading security
professionals among its members and alumni.
What’s a Honeypot?
• An information system resource which has no production value.
• Its value lies in unauthorised or illicit use of that resource.
• Its value lies in being probed, attacked, or compromised.
Lance Spitzner (@lspitzner)
• What can be used as a honeypot? Resources
  • Hardware (End-points, Servers, Standalone PCs, USB Sticks, etc.)
  • Software (Services, Files, etc.)
• It’s all about the purposes of the honeypot
Purposes? Aims? Objectives?
• Intelligence Gathering
• Trend / Behaviour Analysis
• Know Your Enemy (KYE)
• Bait / Decoy
• Narrow down further depending on who you are
  • Similar to Incident Response – SMEs v. MNCs v. Financial Institutes v. Military
High v. Low Interactions
• High Interaction Honeypots
  • It is what it is (The actual thing)
  • Content Rich; The Actual Shell, Services, etc.
• Low Interaction Honeypots
  • A program
  • Emulated services; Limited Interactivity
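The "a program / emulated services / limited interactivity" idea can be shown in a few lines. The sketch below is an added example, not code from the slides or from any Honeynet Project tool: it sends a constructed SSH-style banner, records the first message of every connection as a JSON event, and hangs up. The banner string, class names and event field names are assumptions made for the illustration.

```python
"""Minimal low-interaction honeypot: emulate one banner, record every contact."""
import json
import queue
import socket
import socketserver
import threading
from datetime import datetime, timezone

# Constructed banner for illustration; not copied from any real host.
BANNER = b"SSH-2.0-OpenSSH_6.6.1p1\r\n"
MAX_CAPTURE = 1024   # never keep more than this many bytes per connection
READ_TIMEOUT = 5.0   # seconds to wait for the client's first message


class ProbeHandler(socketserver.BaseRequestHandler):
    """The emulated service: send a banner, read one message, hang up."""

    def handle(self):
        conn = self.request
        conn.settimeout(READ_TIMEOUT)
        data = b""
        try:
            conn.sendall(BANNER)
            data = conn.recv(MAX_CAPTURE)
        except OSError:
            pass  # timeouts and resets are still contacts worth recording
        src_ip, src_port = self.client_address[:2]
        # No production value means every connection is an event of interest.
        self.server.record({
            "time": datetime.now(timezone.utc).isoformat(),
            "src_ip": src_ip,
            "src_port": src_port,
            "dst_port": self.server.server_address[1],
            "bytes": len(data),
            # Hex keeps control characters out of the log line.
            "payload_hex": data.hex(),
        })


class Honeypot(socketserver.ThreadingTCPServer):
    """Threaded listener that keeps events in memory and, optionally, on disk."""
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, address, log_path=None):
        super().__init__(address, ProbeHandler)
        self.events = queue.Queue()
        self.log_path = log_path
        self._log_lock = threading.Lock()

    def record(self, event):
        if self.log_path:
            # One JSON object per line, appended under a lock.
            with self._log_lock, open(self.log_path, "a", encoding="utf-8") as fh:
                fh.write(json.dumps(event) + "\n")
        self.events.put(event)


def self_check(payload=b"SSH-2.0-constructed-client\r\n"):
    """Run on a loopback ephemeral port, send one constructed probe,
    and return (banner_seen_by_client, event_recorded_by_honeypot)."""
    server = Honeypot(("127.0.0.1", 0))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        with socket.create_connection(server.server_address, timeout=5) as client:
            banner = b""
            while not banner.endswith(b"\n"):
                chunk = client.recv(64)
                if not chunk:
                    break
                banner += chunk
            client.sendall(payload)
        event = server.events.get(timeout=5)
    finally:
        server.shutdown()
        server.server_close()
    return banner, event


if __name__ == "__main__":
    seen_banner, recorded = self_check()
    print(json.dumps(recorded, indent=2))
```

The handler never interprets what the client sends, which is what keeps the interaction "low": there is no shell or file system behind the banner, only capture.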
What’s a Honeynet!?
• A network of honeypots
What’s Considered a Good Honeypot?
• Purposes / Aims / Objectives
• Attractiveness
• Stickiness
• Data Collection
Where Do I Start?
• High Interactions
  • Throw all the security tools in there! – NIDS, HIDS, Keyloggers – Who cares about false positives?
  • In-Depth Data Capturing Tools – Sebek, Qebek, Capture-HPC, DPI
  • Egress Traffic Control – Snort Inline, iptables
  • Perimeter Control – Honeywall (Roo)
  • SSL Proxy & Traffic Analyser – HoneyProxy
Where Do I Start? (cont’d)
• Low Interactions
  • The one that emulates everything (or the common services)! – Honeyd / Tiny Honeypot
  • Malware – Nepenthes, Dionaea, Honeytrap
  • Web Application – Glastopf
  • SSH – Kojoney, Kippo, Secure Honey
  • Client – Thug
  • ICS/SCADA – Conpot
  • USB Malware – Ghost USB
ENISA’s Proactive Detection of Security Incident
• https://www.enisa.europa.eu/activities/cert/support/proactive-detection
My Beautiful Machines
Roo
Roo (cont’d)
Beeswarm
Kojoney (Low Interaction – SSH)
Kojoney (Low Interaction – SSH) (cont’d)
Kippo (Low Interaction – SSH)
• Recorded TTYs by Leon van der Eijk (Chief Public Relations Officer)
Honeytrap (Low Interaction – Malware)
• Dynamic Reactions to Incoming Traffic
• PCAP-based Sniffer
• IP_Queue Interface
Tarpit / SinkHoles
Considerations
• High or low interaction?
• Which honeypot tools to use? Or should I create my own?
• Physical or Virtual Environment?
• Placed Inside or Outside my Production Environment?
• Level of Vulnerabilities?
• Legal Considerations
Where To Go From Here?
• Google Summer of Code (GSoC) – http://www.honeynet.org/gsoc
• YouTube Channel – https://www.youtube.com/user/TheHoneynetProject
• The Honeynet Project Workshop!
  • 18 – 20 May 2015
  • Stavanger, Norway
• Tutorials – http://edgis-security.org/lab-tutorials
Who’s Going to BSides London?
• 3rd June 2015
• ILEC Conference Centre
• CFP – http://bit.ly/BSidesLDN2015CFP
• Call for Workshops – http://bit.ly/BSidesLDN2015CFW
• Rookies Track – http://bit.ly/BSidesLDN2015Mentors
