SEARCH
TOOLBOX
LANGUAGES
Difference between revisions of "Data transforming your sewage into signatures - lessons learnt from building a hybrid honeypot named Amber"

Difference between revisions of "Data transforming your sewage into signatures - lessons learnt from building a hybrid honeypot named Amber"

From BruCON 2017

Jump to: navigation, search
(Created page with "What happens when you collect a bunch of good data, under good pretences only to realise that the findings that you were expecting are completely wrong? Before you quit infose...")
 
(No difference)

Latest revision as of 23:31, 26 August 2014

What happens when you collect a bunch of good data, under good pretences only to realise that the findings that you were expecting are completely wrong? Before you quit infosec and retreat to a farm, allow me to tell you about how I data transformed my data sewage into useful signatures. This talk will lay some ground work as to how honeypots relate to traditional security controls and how they differ, especially with regards to what they 'cost' to run. Then we will look at how a very cheap honeypot can be built, and how value can be derived from its simplistic output. Finally, I will look at how you can find further value in large data sets (the data set here was collected by the honeypot but the concepts can be applied to anything else) by looking past the obvious and factorising, or transforming the data. Did I mention that there will be drinking involved?