Set The Trap! Perimeter Defense with Honeytokens
2023-10-14 , Hochschule München - R1.006

It can take months after an attacker gains access to your systems before you even know they were there. Then come months of painful work: analysing logs, rotating credentials, notifying customers and reviewing source code, and that is before counting the cost of the breach itself. So how can you know when an attacker has infiltrated your systems and slipped past your defences? Honeytokens are a great way to find out. Honeytokens are credentials that grant no access at all; any attempt to use them instead triggers an alert that reports the intruder's activity.

When attackers gain access to a system, they immediately look for ways to gain more control. One of the easiest ways to expand their foothold is to find plaintext credentials lying around in code, config files or logs, which makes honeytokens the perfect trap. In this workshop, we will walk through exactly how to create real honeytokens you can plant in your own infrastructure to trip up attackers mid-stride, using open-source tools and your own cloud infrastructure.

If you are working to detect and stop intruders in their tracks, then this session is for you.


Sections:
Part 1, what are honeytokens? In the first section, we will explore exactly what honeytokens are and why they are such an effective method of detection.

Part 2, understanding how honeytokens fit in your environment. Honeytokens are extremely lightweight, which means that, unlike other honeypots, we can put them everywhere in our infrastructure. In this section, we will explore the mechanics behind them and why an attacker merely testing a credential they have found is enough to trigger them.

Part 3, creating your honeytokens. Honeytokens are surprisingly easy to create. We will deploy a simple honeytoken project live using the open-source tool GGCanary, and also explore exactly what is happening under the hood so the process can be replicated.

Part 4, let's have some fun. Now that we have created honeytokens, let's have some fun and leak them. We will leak honeytokens in public locations such as GitHub and watch malicious bots try to exploit them in real time.

Part 5, automating deployment. In the last part, we will look at how to automate the deployment of honeytokens at scale across a large organisation to get maximum coverage.
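To make the mechanics from Part 2 concrete, here is an added example that is not code from the workshop, its take-home guide or GGCanary: a small Python detector that scans CloudTrail records for any use of known honeytoken access key IDs. The key IDs, the "planted in" registry and the CloudTrail records are all constructed for this example; the record field names follow the CloudTrail event format. The detail worth noticing is that an attacker's usual first move with a found key, sts:GetCallerIdentity, succeeds for any valid key because it needs no permissions, so the detector matches on the key ID itself rather than waiting for an AccessDenied error.

```python
"""Added example: matching CloudTrail records against known honeytoken key IDs.

Not code from the workshop or from GGCanary. The key IDs, the registry and
the CloudTrail records below are constructed for illustration.
"""
import json

# Hypothetical registry: honeytoken access key ID -> where it was planted.
# Each key is a valid IAM key that has been granted no permissions at all.
HONEYTOKENS = {
    "AKIAIOSFODNN7EXAMPLE": "repo:billing-service/.env",
    "AKIAI44QH8DHBEXAMPLE": "wiki:onboarding/aws-setup.md",
}

# Constructed CloudTrail events (not real logs); field names follow the
# CloudTrail record format. Record 1 is the classic first move after finding
# a key: sts:GetCallerIdentity, which succeeds for ANY valid key. Record 2 is
# a denied call made with a second honeytoken. Record 3 uses a normal key and
# must be ignored. Record 4 has no access key at all (console login) and must
# not crash the matcher.
SAMPLE_CLOUDTRAIL = json.dumps({"Records": [
    {
        "eventTime": "2023-10-14T09:12:31Z",
        "eventSource": "sts.amazonaws.com",
        "eventName": "GetCallerIdentity",
        "sourceIPAddress": "203.0.113.42",
        "userAgent": "aws-cli/2.13.0 Python/3.11.4 Linux/6.1.0",
        "userIdentity": {"type": "IAMUser", "userName": "canary-billing",
                         "accessKeyId": "AKIAIOSFODNN7EXAMPLE"},
    },
    {
        "eventTime": "2023-10-14T09:12:40Z",
        "eventSource": "s3.amazonaws.com",
        "eventName": "ListBuckets",
        "sourceIPAddress": "198.51.100.7",
        "userAgent": "Boto3/1.28.0",
        "userIdentity": {"type": "IAMUser", "userName": "canary-wiki",
                         "accessKeyId": "AKIAI44QH8DHBEXAMPLE"},
        "errorCode": "AccessDenied",
        "errorMessage": "User is not authorized to perform: s3:ListAllMyBuckets",
    },
    {
        "eventTime": "2023-10-14T09:13:02Z",
        "eventSource": "ec2.amazonaws.com",
        "eventName": "DescribeInstances",
        "sourceIPAddress": "192.0.2.10",
        "userAgent": "terraform-provider-aws/5.20.0",
        "userIdentity": {"type": "IAMUser", "userName": "ci-deploy",
                         "accessKeyId": "AKIAZZZZZZZZZZZZZZZZ"},
    },
    {
        "eventTime": "2023-10-14T09:15:00Z",
        "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin",
        "sourceIPAddress": "192.0.2.11",
        "userAgent": "Mozilla/5.0",
        "userIdentity": {"type": "IAMUser", "userName": "alice"},
    },
]})


def load_records(raw_json: str) -> list:
    """Parse a CloudTrail log file body into its list of event records."""
    return json.loads(raw_json)["Records"]


def find_honeytoken_hits(records, registry=HONEYTOKENS) -> list:
    """Return one alert per record whose access key ID is a known honeytoken.

    The match is on the key ID alone: a honeytoken has no legitimate use, so
    any call made with it is an alert, whether the API accepted or denied it.
    """
    hits = []
    for rec in records:
        key_id = rec.get("userIdentity", {}).get("accessKeyId")
        if key_id not in registry:          # None (no key) or a real key
            continue
        hits.append({
            "key_id": key_id,
            "planted_in": registry[key_id],
            "time": rec.get("eventTime"),
            "api_call": f"{rec.get('eventSource', '?')}:{rec.get('eventName', '?')}",
            "source_ip": rec.get("sourceIPAddress"),
            "user_agent": rec.get("userAgent"),
            "denied": "errorCode" in rec,
        })
    return hits


if __name__ == "__main__":
    for hit in find_honeytoken_hits(load_records(SAMPLE_CLOUDTRAIL)):
        print(f"ALERT honeytoken {hit['key_id']} (planted in {hit['planted_in']}) "
              f"used at {hit['time']} from {hit['source_ip']} via {hit['user_agent']} "
              f"-> {hit['api_call']} {'(denied)' if hit['denied'] else '(succeeded)'}")
```

Running the block prints two alerts, one for the successful GetCallerIdentity call and one for the denied ListBuckets call; the real key and the console login are ignored. The same matching logic applies whatever pipeline delivers the records (a trail written to S3, an EventBridge rule, a SIEM); what the alert should carry is exactly what the attacker leaks by trying the key: source IP, user agent, the API they reached for, and which planted file the token came from, which tells you where they have been.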

Tools Used
This talk focuses on using the open-source tool GGCanary https://github.com/GitGuardian/ggcanary

Notes
Attendees can bring their laptops and follow along with this workshop, but they can also just watch if they prefer: all attendees will get a take-home guide with every step used in the workshop, https://blog.gitguardian.com/honeytoken-workshop/

Mackenzie is a developer advocate with a passion for DevOps and code security. As the co-founder and former CTO of a health tech startup, he learned first-hand how critical it is to build secure applications with robust developer operations.
Today as a Developer Advocate at GitGuardian, Mackenzie is able to share his passion for code security with developers and works closely with research teams to show how malicious actors discover and exploit vulnerabilities in code.