Pedram Hayati (AUS)

Topic of presentation: Deception Defence 101 – a cost effective way to setup a Deceptive Defence environment (Regular Talk)

The concept of deception security has been around since early 1990. However, its rate of adaption has been very slow. Deception security has been primarily used for research (ad-hoc hobbyist using honeypot systems or commercial rebranding of the same systems) and rarely as a protection mechanism. The security industry has a very limited understanding of Deception security and is not using it at its full capacity.

This is presentation is based on my research into Deception security. I will take you through a journey starting from deception fundamentals in real-world to Deception Defence. I will describe a hand-picked selection of principles in Deception Defence and explain how deception tactics can be used by an adversary, i.e. Deception Offence.

Lastly, depending on the time available, I will demo a setup of a Deceptive Defence platform on Azure and Office 365. I will show by applying some smart configurations and with no additional tool, you can significantly increase the cost of an attack. In one example, by applying a simple change to a host, I have 30 times increased the time to a successful reconnaissance.

Agenda of presentation

1. What is Deception security
a. Deception fundamental in the real-world
b. What is Deception security
c. Deception Defence goals
2. Why do we need Deception Defence
a. Where Deception Defence seats the security lifecycle?
i. Prevention, Detection, Monitoring, Response
3. A bit of history
4. How Deception Defence works?
a. Two (out of 10) Principles
5. Problems with Deception Defence
a. Is it ethical
6. What and how of Deception Offense
Demo – Applying Deceptive Defence on Azure and Office 365

Short biography

Yet another guy travelling from Down Under who works at elttam.