Current Honeypot-based tools have a huge disadvantage: Attackers can detect honeypots with simple techniques and are to some extent also able to circumvent and disable the logging mechanisms. On the basis of some examples, we will show methods for attackers to play with honeypots. Honeypots / Honeynets are one of the more recent toys in the white-hat arsenal. These tools are usually assumed to be hard to detect and attempts to detect or disable them can be unconditionally monitored. The talk sheds some light on how attackers usually behave when they want to defeat honeypots. We will encompass the process of identifying and circumventing current honeypot technology and demonstrate several ways to achieve this. The focus will be on Sebek-based honeypots, but we will also show some ways how to accomplish similar results on different honeypot-architectures. Upon completion of this lecture, the attendees will have some insight in the limitations of current honeypot technology. Individuals or organization that would like to setup or harden their own lines of deception-based defense with the help of honeypots will see some constraints on the reliability and stealthiness of honeypots. On the other side, people with more offensive mindsets will get several ideas on how to identify and exploit honeypots.
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.