
UC – Detection via Deception

Adrian Sanabria explains why deception is the most overlooked opportunity in security operations today. This Free Upskill Challenge provides an introduction to how honeypots and honeytokens can be used as a cheat code for detection engineering.

Price = FREE!

Get a glimpse into the devious and delightful world of defender deception. Defenders have the home court advantage but often don’t take advantage of it. Attackers gain access to an enterprise environment, find default settings and familiar architectures, and aren’t challenged or detected when pivoting through environments.

There’s a common phrase I find annoying: “Attackers only have to get it right once; defenders have to get it right every time.”

Not only is this sentiment untrue, it’s also demotivating and defeatist. This phrase is only correct for the first step of the attack. Following that, the power balance flips, as the attacker is in the defender’s house. Much like Kevin in Home Alone, there’s no reason the attacker should have an easy time. Once in the defender’s environment, it is the attacker that has to evade detection 100% of the time, and the defender only needs to detect the attacker once.

What’s an Upskill Challenge (UC)?

A UC is a CTF-style, bite-sized lesson from the JHT Team, our courseware developers, as well as “friends” of JHT. They are meant to be short and to the point. UCs focus on a single tool or concept and are helpful in quickly providing useful skills that might be prerequisites for other types of educational content on the platform.

A UC should be 10 – 30 minutes of student time and have no VMs. There are quizzes to make sure that the content is understood.

Prerequisites for UC – Detection via Deception

UCs assume no knowledge at all! They’re meant to be completely self-contained, so all of the answers are in the lesson. No outside research is required.

