Last September I released my latest book, Intrusion Detection Honeypots: Detection through Deception.
Today, I’m announcing a brand new online course based on the book: Building Intrusion Detection Honeypots. You can sign up for the course here.
Intrusion Detection Honeypots are security resources placed inside your network whose value lies in being probed and attacked. These fake systems, services, and tokens lure attackers in, enticing them to interact. Unbeknownst to the attacker, those interactions generate logs that alert you to their presence and educate you about their tradecraft.
Building Intrusion Detection Honeypots will teach you how to construct, deploy, and monitor honeypots designed to catch intruders on your network. You’ll use free and open-source tools to work through over a dozen different honeypot techniques, starting from the initial concept and working to your first alert. This is the seminal course on strategic honeypot deployment for network defenders who want to leverage deception to find attackers on their network and slow them down.
- What makes an intrusion detection honeypot different from research honeypots.
- How to leverage the four characteristics of honeypots for the defender’s benefit: deception, interactivity, discoverability, and monitoring.
- How to think deceptively with an overview of deception from a psychological perspective.
- How to use the See-Think-Do framework to integrate honeypots into your network and lure attackers into your traps.
- Tools and techniques for building service honeypots for commonly attacked services like HTTP, SSH, and RDP.
- How to hide honey tokens amongst legitimate documents, files, and folders.
- How to entice attackers to use fake credentials that give them away.
- Techniques for embedding honey credentials in services and memory so that attackers will find and attempt to use them.
- How to build deception-based defenses against common attacks like Kerberoasting and LLMNR spoofing.
- Monitoring strategies for capturing honeypot interaction and investigating the logs they generate.
For each honeypot, I’ll explain its overall goal and how it allows you to control what the attacker sees, thinks, and does. I’ll demonstrate the step-by-step instructions of how to build the honeypot. I’ll also advise on how to place it for discoverability in your network, and we’ll walk through considerations for making your honeypot more interactive to collect additional intelligence about the attacker. Finally, I’ll show you how to configure monitoring and alerting for the honeypot so you’ll know when an attacker interacts with it.
Intrusion Detection Honeypots are one of the most cost-effective, reliable forms of intrusion detection. If you want to start learning how to use deception against attackers with honey services, tokens, and credentials, Building Intrusion Detection Honeypots is the course you’re looking for. This course will empower you with the framework and tools you need to leverage deception against attackers and usher in a new paradigm of detection for your organization.
You can view a detailed course syllabus here and a sample video here.
Building Intrusion Detection Honeypots is open for immediate access now at a discounted launch rate until May 7th.
All the details to join and more information on the course contents are here: https://www.networkdefense.co/courses/honeypots/.
Note: A common question is “How much overlap is there between the book and the course?” The Building Intrusion Detection Honeypots course is based on the Intrusion Detection Honeypots: Detection through Deception book. You can think of the book as a textbook for the course. However, the course allows for more detailed hands-on demonstrations, the discussion of additional nuance, more hands-on monitoring walkthroughs, collaboration with other students, and coverage of more scenarios for deploying honeypots on your network. The course also contains additional honeypot techniques not covered in the book and will have more added over time. The good news is that you don’t have to decide between one or the other. When you purchase the Building IDH course, you receive a free electronic copy of the book!