images
SecurityBSides Trainings

Course Description

Cyber deception is an innovative approach to enhance the security posture of organizations by misleading and deterring attackers. By creating a convincing illusion of valuable assets, cyber deception technologies trick attackers into revealing their tactics, techniques, and procedures. In this two-day course, participants will gain a comprehensive understanding of the fundamentals, implementation, and deployment of practical cyber deception. From design to deployment, attendees will learn about various types of deception techniques, including honeypots, honeynets, decoys, and lures. Additionally, participants will delve into advanced deception techniques, deception analytics and forensics, and emerging trends and future directions. The course will also include hands-on workshops where attendees can design and deploy their own deception campaigns, detect and respond to simulated cyber attacks, and analyze deception data. Join us for this exciting opportunity to explore the world of cyber deception and enhance your cybersecurity skills! The course is designed to provide participants with a comprehensive understanding of practical cyber deception, equipping them with the knowledge and skills to implement and use these techniques in real-world scenarios.

Prerequisite

  • Programming experience (C, C++, Python, .NET, and PowerShell)
  • A working Laptop
  • Virtualization Software - VMWare Preferred
  • System Administrator access required on both host and guest OSs
  • 60 GB free Hard disk space

Instructor Bio - Dr. Agostino Panico

Dr. Agostino Panico is a seasoned security expert with over 15 years of experience in the field of offensive security. With a focus on advanced red teaming, offensive operations, exploit development, product security testing, and deception. As one of the BSides Italy Organizers, Agostino stays on the forefront of industry developments and is dedicated to advancing the state of the art in security. Agostino holds different certification from various vendor. He is also one of the few hundreds people wworldwide that hold the GSE - GIAC Security Expert

Key Learning Objective

Understanding of Cyber Deception: Participants will learn the definition, concepts, history, and benefits of cyber deception

Fundamentals of Deception Technology: Participants will become familiar with the different types of deception and the components of a deception infrastructure

Implementation and Deployment: Participants will learn how to design, deploy, and manage deception campaigns using various deception techniques

Advanced Deception Techniques: Participants will learn about the latest techniques used in cyber deception, including lures and baits, deceptive file systems, and deceptive network topologies

Deception Analytics and Forensics: Participants will learn how to detect and respond to cyber attacks, collect and analyze deception data, and conduct incidence response and investigations

Emerging Trends and Future Directions: Participants will learn about the latest advancements in artificial intelligence, machine learning, and automated deception technologies

Hands-On Workshop: Participants will apply their knowledge through hands-on exercises, designing and deploying a deception campaign, detecting and responding to simulated cyber attacks, and analyzing deception data

Agenda

    • 09:00-18:00 Room#2

      Day 1

      2023-07-04

      Introduction to Cyber Deception

      • Definition and concepts
      • History and evolution
      • Importance and benefits
      • The Key Point: Threat Model

      Fundamentals of Deception Technology

      • Types of Deception
      • Deception Infrastructure
      • Designing Deception Campaigns Threat Aware

      Implementation and Deployment of Deception Techniques as Monday Quick Win

      • Decoys and Honeypots
      • Honeynets and Honeytokens
      • Deception Management Systems

      Case Studies and Best Practices

      • Real-world examples and success stories
      • Lessons learned and challenges
      • Industry standards and guidelines
    • 09:00-18:00 Room#2

      Day 2

      2023-07-05

      Advanced Deception Techniques

      • Lures and Baits
      • Deceptive File Systems
      • Deceptive Network Topologies

      Deception Analytics and Forensics

      • Detection and response to cyber attacks
      • Collecting and analyzing deception data
      • Incidence response and investigations

      Emerging Trends and Future Directions

      • Artificial Intelligence and Machine Learning
      • Automated Deception Technologies
      • Integration with other security solutions

      Hands-On Workshop

      • Design and deploy a deception campaign
      • Detect and respond to simulated cyber attacks
      • Analyze and interpret deception data