SecurityBSides Trainings
Course Description
Cyber deception is an innovative approach to enhance the security posture of organizations by misleading and deterring attackers. By creating a convincing illusion of valuable assets, cyber deception technologies trick attackers into revealing their tactics, techniques, and procedures. In this two-day course, participants will gain a comprehensive understanding of the fundamentals, implementation, and deployment of practical cyber deception. From design to deployment, attendees will learn about various types of deception techniques, including honeypots, honeynets, decoys, and lures. Additionally, participants will delve into advanced deception techniques, deception analytics and forensics, and emerging trends and future directions. The course will also include hands-on workshops where attendees can design and deploy their own deception campaigns, detect and respond to simulated cyber attacks, and analyze deception data. Join us for this exciting opportunity to explore the world of cyber deception and enhance your cybersecurity skills! The course is designed to provide participants with a comprehensive understanding of practical cyber deception, equipping them with the knowledge and skills to implement and use these techniques in real-world scenarios.
Prerequisite
- Programming experience (C, C++, Python, .NET, and PowerShell)
- A working Laptop
- Virtualization Software - VMWare Preferred
- System Administrator access required on both host and guest OSs
- 60 GB free Hard disk space
Instructor Bio - Dr. Agostino Panico
Dr. Agostino Panico is a seasoned security expert with over 15 years of experience in the field of offensive security. With a focus on advanced red teaming, offensive operations, exploit development, product security testing, and deception. As one of the BSides Italy Organizers, Agostino stays on the forefront of industry developments and is dedicated to advancing the state of the art in security. Agostino holds different certification from various vendor. He is also one of the few hundreds people wworldwide that hold the GSE - GIAC Security Expert
Key Learning Objective
Agenda
-
-
Room#2
Day 1
Introduction to Cyber Deception
- Definition and concepts
- History and evolution
- Importance and benefits
- The Key Point: Threat Model
Fundamentals of Deception Technology
- Types of Deception
- Deception Infrastructure
- Designing Deception Campaigns Threat Aware
Implementation and Deployment of Deception Techniques as Monday Quick Win
- Decoys and Honeypots
- Honeynets and Honeytokens
- Deception Management Systems
Case Studies and Best Practices
- Real-world examples and success stories
- Lessons learned and challenges
- Industry standards and guidelines
-
Room#2
Day 2
Advanced Deception Techniques
- Lures and Baits
- Deceptive File Systems
- Deceptive Network Topologies
Deception Analytics and Forensics
- Detection and response to cyber attacks
- Collecting and analyzing deception data
- Incidence response and investigations
Emerging Trends and Future Directions
- Artificial Intelligence and Machine Learning
- Automated Deception Technologies
- Integration with other security solutions
Hands-On Workshop
- Design and deploy a deception campaign
- Detect and respond to simulated cyber attacks
- Analyze and interpret deception data
-