All times are in Pacific Daylight Time (UTC-0700).

  • Track: Main Channel: Saturday 10/10 @ 1600-1655 PDT
  • Slides

Given enough time and resources, advanced adversaries will bypass modern intrusion detection solutions. SIEMs are often configured to gather as much information as possible in an environment, and the resulting value of provided alerts and responses rely on attempting to lower the number of false positives. The goal of The Aerospace Corporation was to conduct an experiment in achieving higher fidelity true positive alerts by utilizing cyber deception concepts. Our research concluded that by through a mix of low and medium interactivity honeypots deployed on a production system, it is possible to gather not only true positive alerts but also threat intelligence on adversaries.

The talk will cover a brief overview of current FOSS deception solutions and will pivot to the research showcasing our own FOSS cyber deception experiment that detects and monitors cyber adversaries.

Henry Reed is a senior at California State University, Northridge and an intern in the Cyber Defense Solutions Department at The Aerospace Corporation. Reed obtained the Security+, RHCSA, and GPEN certifications, extensively researched both offensive and defensive cyber operations (managing to get yelled at by Aerospace’s IT in the process),...

Read More

twitter @MemeticHenry

© 2020 ShellCon