Over the next few weeks we’re going to announce the 44CON talks and workshops. Don’t forget to get your tickets!
Our next announcement is Azhar Desai & Nicholas Rohrbeck – Effortless, Agentless Breach Detection in the Enterprise: Token all the Things!
Using honeytokens to detect breaches is an old idea that has been sporadically spoken about (and implemented less often). Despite recommendations from the occasional consultant, honeytokens have not been adopted as widely as they should have. This needed to change. In 2015, we released Canarytokens (http://canarytokens.org) to bring about wider use of tokens.
Canarytokens natively supports web bugs, DNS tripwires, SQL row tokens, document tokens and a handful of other friends. Via a simple web interface, several thousands of these tokens have been deployed worldwide (and a number of breaches have been reliably discovered). Considering that most tokens can be deployed in under 5 seconds, this was already pretty good ROI.
This year, tokens go much further. From abusing native OS functionality to bending cloud infrastructure, this talk covers work done in our new quest to “token all the things”. We’ll show infrastructure we built for users to easily set tripwires around their network without installing agents, deploying hardware or spending a cent. Along with file format chicanery and old fashioned web-app-abuse, we will show new techniques (and defensive hacks) that you can use to detect breaches on your networks.
Azhar writes and runs software with a security bent at Thinkst, an applied research company focusing on information security. He has, in the past, had fun presenting with others from Thinkst at conferences such as Troopers (2015) and HITB KL (2014).
Nick is a software developer at Thinkst Applied Research. Before arriving at Thinkst, he was primarily a Java developer, but now his days are filled with Python, network security research, DevOps tinkering and (badly) playing Go.