Detecting attackers early in the attack process can be extremely challenging if not impossible. Yet strategic logging and tactical placement of publicly available information can take a know attack strategy and turn it into a weakness. Since we know the places where OSINT and recon tools pull data from (social media, code repositories, paste sites, PGP key repos), couldn't we place known-false content and then set alerts for when that data is used against our systems?
We can and we will! Come join Justin Henderson and Micah Hoffman in their joint Blue Team/OSINT webcast. We will examine common locations attackers harvest data from and how planting honeytokens and then monitoring for their use allows us to automate responses to potential attackers and gain early detection capabilities of targeted attacks.