You MUST register through eventbrite to gain access to this session (Day 2).
BSD Honeypots with Zeek - Of course it runs on BSD
Summary: I did a talk at BSDCan 2020 highlighting the use of BSD as a platform for honeypots. Central to this talk was the use of Zeek and the intel framework to correlate all of this data together while utilizing FreeBSD jails to separate the honeypot from Zeek. I emulated services using a honeypot Python framework in one jail, while using Zeek to monitor all of the traffic going towards the jail. I intend to update this talk to be more focused on the setup of Zeek.
Abstract: In the past, there was some interest in the setting up of honeypots on BSD operating systems with tools like honeyd. Honeypots attempt to capture malicious code, network worms and attackers by emulating vulnerable services using a variety of methods. An opportunity came up for me to try to capture some malicious code using a simple setup with Zeek and FreeBSD jails. The setup was simple and easy to replicate as a way to perform security research on current attacks across the Internet and correlate with other threat sources for analysis.
Slack Channel for this session - vzw-day2-talk6-bsd-honeypots
Haven't joined the Zeek Slack space yet? You can do so at:
https://join.slack.com/t/zeekorg/shared_invite/zt-cgz9wa7p-BXihgVtZlmnRfHZXmUltZQ
Link to Session Survey - https://forms.gle/aFCTXniakuJGi7YN9