
Honey Users for Cybersecurity | John Strand | BHIS Nuggets 

Black Hills Information Security

Join us in the Black Hills InfoSec Discord server here: / discord to keep the security conversation going!
Reach out to Black Hills Infosec if you need pentesting, threat hunting, ACTIVE SOC, incident response, or blue team services -- www.blackhills...
🔗 Download John's Free Training VM Lab here:
www.antisyphon...
Description: An effective way to shut down Password Spraying. This technique is part of the MITRE ATT&CK technique matrix.
Black Hills Infosec Socials
Twitter: / bhinfosecurity
Mastodon: infosec.exchan...
LinkedIn: / antisyphon-training
Discord: / discord
Black Hills Infosec Shirts & Hoodies
spearphish-gen...
Black Hills Infosec Services
Active SOC: www.blackhills...
Penetration Testing: www.blackhills...
Incident Response: www.blackhills...
Backdoors & Breaches - Incident Response Card Game
Backdoors & Breaches: www.backdoorsa...
Play B&B Online: play.backdoors...
Antisyphon Training
Pay What You Can: www.antisyphon...
Live Training: www.antisyphon...
On Demand Training: www.antisyphon...
Educational Infosec Content
Black Hills Infosec Blogs: www.blackhills...
Wild West Hackin' Fest YouTube: / wildwesthackinfest
Active Countermeasures YouTube: / activecountermeasures
Antisyphon Training YouTube: / antisyphontraining
Join us at the annual information security conference in Deadwood, SD (in-person and virtually) - Wild West Hackin' Fest: wildwesthackin...

Published: 28 Sep 2024

Comments: 6
@KennithJay 11 months ago
Awesome sauce 👍
@hptc4400 11 months ago
Excellent approach to detecting password sprays!!!
@Cybersader 11 months ago
Literally chose to do this for a project in one of my grad school classes. I'm gonna be purple teaming this with a SIEM, pair it up with time series analysis for comparison, and various evasion methods you mentioned. I'm always trying to think about other novel places to apply trapping, tripping, and tracing like this because it's cost-effective.
@mikegropp 11 months ago
Great insight!
@breakingcustombc2925 11 months ago
Would an attacker that has already compromised a computer and can see the GAL notice the honey user is not there and deem it to be a fake account? Would you recommend syncing those honey users so they show up in the GAL?
@edemfromeden5432 11 months ago
I would say it is a 50/50 situation. Adversaries might perform further reconnaissance on user objects, e.g. listing group membership, and proceed with password spraying or other techniques just on a subset of identified users, whereas others would run through all users regardless. IMHO it depends on the threat actor. The more sophisticated, the more careful and diligent the recon. So I agree, good point with the GAL; another trace would be lack of group membership, so this certainly isn’t a solution that will resolve all problems.