Building Intrusion Detection Honeypots

Building Intrusion Detection Honeypots will teach you how to build, deploy, and monitor honeypots designed to catch intruders on your network. You’ll use free and open source tools to work through over a dozen different honeypot techniques, starting from the initial concept and working to your first alert. Building Intrusion Detection Honeypots is the seminal course on strategic honeypot deployment for network defenders who want to leverage deception to find attackers on their network and slow them down.

syllabus

• What makes an intrusion detection honeypot different from research honeypots.
• How to leverage the four characteristics of honeypots for the defender’s benefit: deception, interactivity, discoverability, and monitoring.
• How to think deceptively with an overview of deception from a psychological perspective.
• How to use the See-Think-Do framework to integrate honeypots into your network and lure attackers into your traps.
• Tools and techniques for building service honeypots for commonly attacked services like HTTP, SSH, and RDP.
• How to hide honey tokens amongst legitimate documents, files, and folder.
• To entice attackers to use fake credentials that give them away.
• Techniques for embedding honey credentials in services and memory so that attackers will find and attempt to use them.
• How to build deception-based defenses against common attacks like Kerberoasting and LLMNR spoofing.
• Monitoring strategies for capturing honeypot interaction and investigating the logs they generate.