Deploying, Managing, and Leveraging Honeypots in the Enterprise using Open Source Tools

BSidesLV 2015

Presented by: Nicholas Albright, Jason Trost
Date: Tuesday August 04, 2015
Time: 08:30 - 12:25
Location: Siena
Track: Training Ground I

In this workshop we will present an overview of the current state of the art in leveraging open source tools to build a novel intrusion detection system inside the enterprise. We will discuss the pros/cons and ins/outs of several major open source honeypots, as well as how to manage and deploy these sensors using the Modern Honey Network and Splunk, and how to integrate them with other systems such as ArcSight.

Nicholas Albright

Nicholas grew up in the BBS era, where he developed an unhealthy interest in the digital underground. Further fueled by books and movies like Wargames, Hackers, Sneakers, and The Cuckoo's Egg, he quickly became one of the security problems plaguing telecom giant US West, Colorado University and other businesses in the Colorado area. After the tragic loss of his father in 2004, and subsequently finding his father's machine had been fully compromised by a piracy team, Nicholas and a handful of friends used their knowledge of hacking, cracking and general computer mischief to develop a group dedicated to tracking and reporting on botnet and malware author activities. Shadowserver was formed, and most of the group found it was more fun to build honeynets than wareznets. Nicholas has moved on and no longer runs the Shadowserver team, but his experience with information security research has continued.

Jason Trost

Jason Trost is Director of Research at ThreatStream and is deeply interested in network security, DFIR, big data and machine learning. He has worked in security for almost ten years, and he has several years of experience leveraging big data technologies for security data mining. He is currently focused on building highly scalable systems for processing, analyzing, and visualizing high speed network/security events in real-time as well as systems for analyzing massive amounts of malware. He is a regular attendee of Big Data and security conferences, and he has spoken at Blackhat, FloCon, and Hadoop Summit. He has contributed to several security and big data related open source projects including the Modern Honey Network (MHN), BinaryPig, ElasticSearch, Apache Accumulo, and Apache Storm.
