Honeypots and Deceptive Operations: Can you catch more spies with honey(pots)? Presented at BSides London 2016

by David Chismon

Summary: Detecting advanced (or just effective) attackers on internal networks is the subject of much research and marketing. Various technologies go through the cycle of being offered as solutions to this problem, from "Threat Intelligence" a few years ago to Behavioural Learning currently. Honeypots have lingered around the fringes but more honeypot products are being offered and stand a good chance of being one of the next technologies to ascend the hype curve.
This talk will look at honeypots and how they work, their benefits and their failings. It will cover a number of honey things such as honey creds, honey files, honey tokens, etc. It will debate where such things may play a role in an organisation's defensive strategy and how an organisation can best implement them should they choose to. The talk will also briefly cover the wider field in which honeypots sit, that of deceptive operations, whereby you attempt to deceive an attacker in order to detect or dissuade attacks.