h0neytr4p - How to catch the external threat actors with an easy to configure Honeypot

Abstract

Working with large clients, we realised that large enterprises have no mechanism to trap external threat actors, who primarily exploit web vulnerabilities. They are still reliant on threat-intel firms to block potential attacker IPs. Sure, there are honeypots, but they are hard and time-consuming to configure. The turnaround time for SOC teams to configure a honeypot for a recently disclosed vulnerability is very high, which discourages their use. We aim to fix this by introducing a template-based honeypot. Honeytrap is stateless, it understands patterns, and it can be configured within minutes to catch complicated 0-day or 1-day vulnerability exploitation attempts. It empowers and encourages blue teams to put an active honeytrap network around their own network, capturing indicators of compromise that can then be blocked at the perimeter firewall. h0neytr4p ships as a lightweight single-binary deployment, takes one or more templates as input, and has a CSV output mode that can easily be piped into custom tools. Currently it supports HTTP only, but the plan is to make it a unified platform supporting SSH, RDP and other protocols across multiple scenarios. Honeytr4p on GitHub: https://github.com/pbssubhash/h0neytr4p
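As an added illustration of the template-driven, stateless matching and CSV output the abstract describes (example code written for this page, not h0neytr4p's own; the template format, the CSV field names and the sample requests are all assumptions):

```python
import csv
import io
import re
from datetime import datetime, timezone

# Assumed template format (not h0neytr4p's own): a trap name, the method and
# path regex it matches, and the canned response the trap answers with.
TEMPLATES = [
    {"name": "path-traversal-probe", "method": "GET",
     "path": r"(\.\./|%2e%2e%2f)", "status": 200, "body": "<html>ok</html>"},
    {"name": "fake-admin-login", "method": "POST",
     "path": r"^/admin/login$", "status": 401, "body": "invalid credentials"},
]
CSV_FIELDS = ["timestamp", "src_ip", "template", "method", "path", "user_agent"]

def match_template(method, path, templates=TEMPLATES):
    """First template whose method and path regex match, else None.
    Stateless by design: the verdict depends only on this one request."""
    for t in templates:
        if t["method"] in ("*", method) and re.search(t["path"], path, re.I):
            return t
    return None

def handle_request(src_ip, method, path, headers, templates=TEMPLATES, timestamp=None):
    """Serve one request; returns (status, body, csv_row). csv_row is None when
    no template fired, so only genuine trap hits reach the CSV feed."""
    t = match_template(method, path, templates)
    if t is None:
        return 404, "not found", None
    buf = io.StringIO()
    csv.DictWriter(buf, fieldnames=CSV_FIELDS, lineterminator="").writerow({
        "timestamp": timestamp or datetime.now(timezone.utc).isoformat(),
        "src_ip": src_ip, "template": t["name"], "method": method, "path": path,
        "user_agent": headers.get("User-Agent", ""),
    })
    return t["status"], t["body"], buf.getvalue()

# Constructed sample traffic using documentation-range IPs, not captured data.
SAMPLE_REQUESTS = [
    ("203.0.113.7", "GET", "/files?name=../../etc/passwd", {"User-Agent": "curl/8.0"}),
    ("198.51.100.2", "GET", "/index.html", {"User-Agent": "Mozilla/5.0"}),
    ("203.0.113.9", "POST", "/admin/login", {}),
]

def collect_hits(requests=SAMPLE_REQUESTS, timestamp="2024-01-01T00:00:00+00:00"):
    """Return only the CSV rows that fired: the indicators a SOC would forward
    to the perimeter firewall. Benign requests produce no row at all."""
    rows = [handle_request(ip, m, p, h, timestamp=timestamp)[2] for ip, m, p, h in requests]
    return [r for r in rows if r is not None]
```

Each CSV row carries the source IP and the template that fired, which is the minimum a blocklist pipeline needs; adding a new trap is a matter of appending one template entry.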


Speakers Information


Subhash Popuri

Subhash is a Consultant (Red Team & aspiring Purple Teamer) with EY, India. He is regularly seen contributing to the cyber security community through security tooling (https://github.com/pbssubhash). On a daily basis, Subhash performs adversary simulation. He has developed several open source and closed source tools, such as ransomware simulators, attack simulators and C2 frameworks leveraging lesser-known techniques, so that blue teams can test their existing detection mechanisms' efficacy against advanced and lesser-known techniques. Apart from work, he spends most of his free time researching ML and data science for better cyber security detection, watching movies, cooking and gardening. He was privileged to work with many world-renowned security teams, including Google, Facebook, Twitter, Microsoft, Dell and Cisco, as part of their bug bounty / responsible disclosure programs. He was also fortunate enough to have helped the security staff of USA.GOV, the National Cyber Security Council of the Netherlands and the National Informatics Center of India with potential security vulnerabilities.


Aakash Madaan

Aakash is an aspiring Red Teamer with Ernst & Young (EY) India's cyber security practice. He has been recognized by various companies for identifying and responsibly reporting critical vulnerabilities in their applications, and stood out as one of the top 15 researchers who identified and reported critical vulnerabilities to the National Critical Information Infrastructure Protection Centre (NCIIPC) for the first quarter of 2021. He has performed VAPT for large-scale organisations and identified critical issues, and has contributed to a continuous automated VAPT platform leveraging several popular and commercial tools; this platform is currently deployed for large-scale manufacturing organisations. His core skills are Red Teaming in Active Directory environments, VAPT for web and mobile applications, social engineering and cloud security assessment. He is familiar with coding in Python, C, C++, Bash scripting and JavaScript. He has published exploits for previously identified vulnerabilities on Exploit-DB. He currently holds 'Guru' rank at Hack The Box, an advanced network security simulation and training range. He has also trained several professionals from the banking and financial sector on application security.


