Colby Prior
[Suncorp Group]
Colby has a background in DevOps and managing infrastructure.
Colby has a strong focus on security and is involved in the information security community in Queensland.
Tutorial: An introduction to running your own honeypot
Our public networks are probed for attack vectors every day. These probes and attacks can be identified and measured to build threat intelligence that we can use to identify compromised hosts.
Even our private networks are often more open than we would like, with WiFi often provided on a convenience-first, security-second principle.
While Internet honeypots give a view of attackers and malware, local network honeypots can give a critical indication of active threats inside of your network.
Everyone participating in this workshop will get hands-on experience with the following:
1. Running a Cowrie SSH honeypot
2. Using Thug as a JavaScript client honeypot
3. Running the Snare/Tanner web honeypot
4. Attacking your own honeypots and analysing the results
5. Exporting the honeypot results to tools like Elasticsearch to SOAR with relevant threat intelligence
Participants need to be able to use a Linux terminal and SSH.
N.B. This tutorial was offered at AusCERT2020.