Colby Prior
Colby Prior is the Infrastructure Engineer for AusCERT.

He has a background in DevOps and managing infrastructure. Colby has a strong focus on security and is involved in the information security community in Queensland.

Tutorial: An introduction to running your own honeypot

Technical Level (3 being the highest score): 2

Our public networks are probed for attack vectors every day. These probes and attacks can be identified and measured to build threat intelligence that we can use to identify compromised hosts.

Even our private networks are often more open than we would like, with WiFi often provided on a convenience-first, security-second principle.

While Internet honeypots give a view of attackers and malware, local network honeypots can give a critical indication of active threats inside of your network.

This workshop will cover an introduction to honeypots and allow everyone to run their own Cowrie honeypot. Cowrie is an SSH and Telnet honeypot designed to log brute-force attacks and capture malware pulled down from command and control servers.

Part 1
1. Introduction to honeypots
2. Running a Cowrie SSH honeypot
3. Connecting to the honeypot as an attacker
4. Inspecting the results

Part 2
1. Running Snare/Tanner honeypot
2. Connecting to the Snare/Tanner honeypot as an attacker
3. Inspecting the Snare/Tanner honeypot results
4. Demo of results with Elasticsearch

Participants need to be able to use a Linux terminal.
