Sweetening Your Threat Intelligence with Automated Honeypots

Thursday, June 28, 2018

12:00 PM1:00 PM


Audience [1]: [Pb] **Public**
Slides:  Linked here

Many organizations currently deploy honeypots within their networks to generate actionable threat intelligence. However, the process of deploying numerous honeypots across a network can require a significant amount of setup and configuration. We will present a method for dynamically and automatically deploying honeypots using Docker and Ansible, as well as deployment techniques for several popular cloud providers. By using these techniques to deploy honeypots, organizations can rapidly and easily enhance their current threat intelligence.


Alexander Merck is a security engineer at Duke University, with emphasis in security automation, network security, and reverse engineering. When not actively attacking or defending networks, Alex can be found spreading honeypots across the world.

Chris Collins is a senior automation engineer and the web architecture lead at Duke University’s Office of Information Technology. He’s a container and automation evangelist, helps leads adoption of containers within the university, and loves to talk about them with anyone who will listen, much to the annoyance of the co-workers who sit closest to him.



TechBursts are limited to REN-ISAC members unless marked with one of the following exception tags:

- "MG" (Members and Guests)  sessions are open to members and hosted, trusted guests of members. Access to MG TechBursts require authentication with a REN-ISAC userid and password. So, guests must view the webcast with the member present.

- "Pb" (Public) indicates a session is open to the public.

**This TechBurst will be archived.**