COMMSEC: Nomadic Honeypots: How to Create Actionable CTI

Date

April 20, 2023

Time

15:00

Track

CommSec Track

PRESENTATION SLIDES (PDF)


 

We introduce a practical example of a game-changing concept called Automated Moving Target Defense (AMTD), where a dynamic fog of war is added on the defender side through deceptive response and nomadic honeypots. Thanks to our massive global infrastructure of honeypots in more than 50 countries (low to high interaction), we’ve worked on the topic linked to attackers that build up databases of potential victims over the medium term, meaning that they sometimes don’t strike again with the same firepower on a previously identified target.

Through a 101-style introduction about AMTD, we will explain how we were able to play against attackers with simple or advanced deception solutions, and how we moved from a static world to a dynamic one, toward a global automation to orchestrate changes in a way that creates a kind of fog of war by changing the attack surface. Beyond these necessary concepts, we will also share some of the results we captured on the battlefield, such as attacker behaviors, interesting weapons, useful statistics regarding the never-ending global war in the cyber sphere. And if you want to play on your side, we will share advice so you can play with easy DIY suggestions.

You will learn how to reduce the exposed attack surface through innovative battle-tested concepts, and how to create valuable items about attackers through a powerful intelligence lifecycle that can be injected directly into your security solutions, so that it can be used as prediction and prevention (CTI, IoC, TTP).

Speakers

Co-Founder & CTO

TEHTRIS

Other Talks in This Track

LOCATION

CommSec Track

DATE

April 20

TIME

11:00

LOCATION

CommSec Track

DATE

April 20

TIME

11:30

LOCATION

CommSec Track

DATE

April 20

TIME

12:00

LOCATION

CommSec Track

DATE

April 20

TIME

14:00