SEARCH
TOOLBOX
LANGUAGES
Data transforming your sewage into signatures - lessons learnt from building a hybrid honeypot named Amber

Data transforming your sewage into signatures - lessons learnt from building a hybrid honeypot named Amber

From BruCON 2017

Revision as of 23:31, 26 August 2014 by Znb (talk | contribs) (Created page with "What happens when you collect a bunch of good data, under good pretences only to realise that the findings that you were expecting are completely wrong? Before you quit infose...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

What happens when you collect a bunch of good data, under good pretences only to realise that the findings that you were expecting are completely wrong? Before you quit infosec and retreat to a farm, allow me to tell you about how I data transformed my data sewage into useful signatures. This talk will lay some ground work as to how honeypots relate to traditional security controls and how they differ, especially with regards to what they 'cost' to run. Then we will look at how a very cheap honeypot can be built, and how value can be derived from its simplistic output. Finally, I will look at how you can find further value in large data sets (the data set here was collected by the honeypot but the concepts can be applied to anything else) by looking past the obvious and factorising, or transforming the data. Did I mention that there will be drinking involved?