$ Free | Talk on HoneyPy & HoneyDB
June 22, 2017 @ 7:00 pm - 9:00 pm
I’d like to invite your meetup members to join us for our June 22 meeting. Phillip Maddux will be presenting “HoneyPy & HoneyDB”, a honeypot infrastructure for network security. The meeting facility (Cactus Data) can only accommodate 50 people, and our only RSVP mechanism is the TriPython meetup page. So, you will need to join the TriPython meetup in order to secure a seat for this event. https://www.meetup.com/tripython/events/240082927/
Abstract: This talk will provide a light intro to honeypots and their benefits, and highlight two projects, HoneyPy and HoneyDB. Operating honeypot sensors on your internal network is a simple way to make your network “noisy” and can trip up malicious actors that have already penetrated your network. Also, leveraging data from honeypot sensors on the Internet can be a useful source of threat information. Are you leveraging honeypots in your organization? If not, why not? Adoption of these tools is likely about having simple, easy-to-use interfaces and integrations into existing tools used by an organization.

HoneyPy is a low interaction honeypot with the capability to be more of a medium interaction honeypot. HoneyPy is written in Python and is intended to be easy to deploy, extend with plugins, and customize through configuration. The level of interaction is determined by the functionality of its plugins. Plugins can be created to emulate UDP or TCP based services. All activity is logged to a file by default, but posting honeypot activity to Twitter, a Slack channel, or a web service endpoint can be configured as well. HoneyPy is ideal as a production honeypot on an internal network or as a research honeypot on the Internet.

HoneyDB is a web site dedicated to publishing honeypot data from HoneyPy sensors on the Internet. It also offers honeypot data for download via a REST API. Web site users can also log into HoneyDB and maintain a ThreatBin, which is a custom list of honeypot session data bookmarked by the user. Future features include consolidated threat information from other honeypot Twitter accounts, and expanding the API.

Phillip Maddux is a Senior Solutions Engineer at Signal Sciences and has over 10 years of experience in information security, with the majority of that time focused on application security in the financial services sector. In his spare moments he enjoys converting ideas to code and committing them to GitHub.