Your friendly neighborhood AppSec advisor and honeypot enthusiast. Formerly @ Goldman Sachs and Ernst & Young. Find his thoughts in code form committed to Github.
At this year’s Black Hat & Def Con there were a few firsts for me, and it was probably one of the best experiences I’ve had at these conferences. It was the first time I’ve attended a conference as a vendor (Signal Sciences), and the first time I’ve contributed to the conferences by participating in the Black Hat Arsenal and Def Con Demo Labs. Both experiences were awesome because they made it possible to meet and speak with so many great people that were at the conference.
Fortunately Signal Sciences did not do the typical vendor thing and rent a booth among the chaos of all the other badge scanning vendors. We opted to go for the poolside cabana, which end up being a true oasis for conferences goers. Tons of people stopped by to take a break, have a drink, and see what we were up to at Signal Sciences. The best part were the discussions that took place—it really became a place to talk with peers in the industry about challenges and new ideas. Even Patrick Gray of the Risky Business podcast chilled out at our cabana for a day!
HoneyPy and HoneyDB at Arsenal & Demo Labs
Two great events at Black Hat and Def Con are Arsenal (run by ToolsWatch) and Demo labs respectively. I decided to submit two of my projects as one demo, HoneyPy and HoneyDB. HoneyPy is a simple honeypot and HoneyDB is a web site that aggregates data from numerous honeypot sensors. Both of these projects have been a hobby for the past few years and I thought it would be fun to show them off and get feedback. As it turned out the response was better than expected.
A steady flow of people came by my demo station to learn about HoneyPy and HoneyDB. It was great to see such a wide variety of people that were interested, which ranged from students, the curious, and even others that run their own honeypots. The feedback was positive and I was most appreciative of the many suggestions and new ideas that were offered. In addition, being able to meet and get connected with others that are involved with honeypots was exciting. In fact, a new small community has formed as one of the attendees started a new Slack channel dedicated to honeypot enthusiasts.
It’s not an “open” group but if you’re interested in joining the Slack group you can hit me up on Twitter (@foospidy) or reach out to @HoneyFog on Twitter. There are also a few IRC channels on freenode.net, #honeypots and #honeynet.
In the end I have to consider the experience a success and extremely worthwhile. If you have an open source security tool that you’d like to have exposure and feedback I highly encourage you to submit it for next year’s Black Hat Arsenal and Def Con Demo Labs.
Want to know more about HoneyPy & HoneyDB?
Check out my slide deck on HoneyPy & HoneyDB from a recent OWASP chapter meeting presentation: