21C3 Fahrplan Version 1.1.7

21st Chaos Communication Congress
Vorträge und Workshops

Referenten
Picture of Thorsten Holz Thorsten Holz
Fahrplan
Tag 2
Ort Saal 2
Beginn 21:00 Uhr
Dauer 01:00
INFO
ID 109
Art Vortrag
Themenbereich Hacking
Sprache englisch
FEEDBACK

Anti-Honeypot Technology

Current Honeypot-based tools have a huge disadvantage: Attackers can detect honeypots with simple techniques and are to some extent also able to circumvent and disable the logging mechanisms. On the basis of some examples, we will show methods for attackers to play with honeypots.

Honeypots / Honeynets are one of the more recent toys in the white-hat arsenal. These tools are usually assumed to be hard to detect and attempts to detect or disable them can be unconditionally monitored. The talk sheds some light on how attackers usually behave when they want to defeat honeypots. We will encompass the process of identifying and circumventing current honeypot technology and demonstrate several ways to achieve this. The focus will be on Sebek-based honeypots, but we will also show some ways how to accomplish similar results on different honeypot-architectures.

Upon completion of this lecture, the attendees will have some insight in the limitations of current honeypot technology. Individuals or organization that would like to setup or harden their own lines of deception-based defense with the help of honeypots will see some constraints on the reliability and stealthiness of honeypots. On the other side, people with more offensive mindsets will get several ideas on how to identify and exploit honeypots.

Archived page - Impressum/Datenschutz