BSidesSF 2018

The concept of honeypots and deception has been leveraged by cyber-defenders for many years. Today, though, the emergence of maturing technologies allows us to add a new twist on the classic honeypot approach. Some argue that honeypots were ahead of their time. In the past, honeypots were useful but scale was a limiting factor for the amount of benefit and return on investment achieved from their use. However, with modern technologies like virtualization, cloud computing, containers and DevOps tool chains, we can now scale honeypots to make them statistically relevant in modern large-scale enterprise networks. Furthermore, we can utilize existing programming frameworks to develop interesting types of honeypot technologies. In particular, this presentation describes the notion of dynamic deception at scale using the Python-based Twisted networking framework. The talk will provide details on honeypot essentials and how scale can be achieved with new technologies. The primary discussion will be focused on Twisted, and how it can be used to rapidly create both static and dynamic honeypots.