When a new zero-day vulnerability comes knocking, we have to jump into noisy and sensitive production systems and dig for indications of compromise. With a simulated copy of the production environment running in a public sandbox, we can easily separate malicious probing from legitimate traffic and investigate successful attacks without operational sensitivity.
This talk will cover the steps involved in running a fake company as a complex honeypot designed to replicate real production environments. Key points will include how to increase exposure of the honeypot environment while reducing noise, and how to build analysis tools.
We will walk through scenarios showing how a complex honeypot environment can help respond to zero-day vulnerabilities and build threat intelligence, with hands-on examples.
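As an added illustration of the "reduce noise and build analysis tools" point (this is example code written for this page, not material from the talk or its speakers), the following Python script triages constructed honeypot web-access log lines. It treats the handful of paths the fake company's site legitimately serves as baseline, treats paths hit by several unrelated sources as commodity scanner noise, and surfaces requests matching an analyst-supplied watchlist of paths associated with a vulnerability being investigated. The log lines, the baseline paths and the watchlist path `/api/v1/example-vuln-endpoint` are all constructed placeholders, not real indicators.

```python
import re
from collections import defaultdict

# Constructed sample honeypot access log (combined log format); IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; example-scanner/1.0)"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /.env HTTP/1.1" 404 0 "-" "Mozilla/5.0 (compatible; example-scanner/1.0)"
203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "GET /wp-login.php HTTP/1.1" 404 0 "-" "Mozilla/5.0 (compatible; example-scanner/1.0)"
198.51.100.7 - - [10/Oct/2023:14:02:11 +0000] "GET /robots.txt HTTP/1.1" 200 45 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2023:14:02:12 +0000] "POST /api/v1/example-vuln-endpoint?x=1 HTTP/1.1" 500 0 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2023:14:02:14 +0000] "POST /api/v1/example-vuln-endpoint HTTP/1.1" 200 1024 "-" "curl/8.0"
192.0.2.9 - - [10/Oct/2023:14:10:00 +0000] "GET /.env HTTP/1.1" 404 0 "-" "python-requests/2.31"
"""

# Paths the simulated company site is expected to serve (constructed baseline).
BASELINE_PATHS = {"/", "/robots.txt"}

# Analyst-supplied paths tied to the vulnerability under investigation (placeholder value).
WATCHLIST = {"/api/v1/example-vuln-endpoint"}

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)


def parse_log(text):
    """Parse combined-format lines into dicts; malformed lines are skipped, query strings dropped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["status"] = int(e["status"])
        e["path"] = e["path"].split("?", 1)[0]
        events.append(e)
    return events


def background_noise_paths(events, min_sources=2):
    """Paths requested by at least min_sources distinct IPs: commodity scanning, not targeted."""
    sources_by_path = defaultdict(set)
    for e in events:
        if e["path"] not in BASELINE_PATHS:
            sources_by_path[e["path"]].add(e["ip"])
    return {p for p, ips in sources_by_path.items() if len(ips) >= min_sources}


def triage(events, watchlist, min_sources=2):
    """Split honeypot traffic into watchlist hits, successful watchlist hits, other probes and noise."""
    noise = background_noise_paths(events, min_sources)
    result = {"watchlist_hits": [], "succeeded": [], "probes": [], "noise": sorted(noise)}
    for e in events:
        if e["path"] in BASELINE_PATHS:
            continue  # looks like ordinary site traffic, nothing to investigate
        if e["path"] in watchlist:
            result["watchlist_hits"].append(e)
            if 200 <= e["status"] < 300:  # honeypot answered as if the request worked
                result["succeeded"].append(e)
        elif e["path"] not in noise:
            result["probes"].append(e)  # single-source probing worth a look
    return result


def indicators(result):
    """Source IPs that hit the watchlist, for sharing as threat intelligence."""
    return sorted({e["ip"] for e in result["watchlist_hits"]})


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    r = triage(events, WATCHLIST)
    print("noise paths:", r["noise"])
    print("watchlist sources:", indicators(r))
    for e in r["succeeded"]:
        print("succeeded:", e["ip"], e["method"], e["path"], e["status"], e["ua"])
    for e in r["probes"]:
        print("probe:", e["ip"], e["method"], e["path"], e["status"])
```

The noise threshold is deliberately crude: because nobody should be visiting the sandbox on purpose, a path that several unrelated sources request is almost always mass scanning, and filtering it leaves the rarer, targeted requests for a human to read.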