RECAP: Discussing deception with Chris Sanders
Rick Holland
September 24, 2020 | 3 Min Read

When I was a Forrester Research analyst, I had some strong opinions on deception technology. Approximately five years ago, I wrote, “Organizations that think they are ready for deception, are only deceiving themselves.” So when I saw my friend (and BBQ brother) Chris Sanders announce the release of his latest book, “Intrusion Detection Honeypots: Detection through Deception,” I knew we had to get him on our ShadowTalk podcast with Kacey, Charles, and me to discuss it further. You can listen to the episode here.

Source: https://twitter.com/chrissanders88/status/1300793953780981761

Chris interviewed over eighty people while researching the book, which covers fifteen deception techniques. He highlighted three of them in our interview:

  1. Injecting credentials into memory 
  2. Honey documents
  3. Honey services 

He convinced me that my previous assessment of deception needed to evolve and that deception can be a useful tool in the defender’s arsenal. I agree with him that intrusion detection honeypots can provide highly actionable, low-maintenance detection with a low chance of false positives.

Our conversation: 

  • 00:27 – We start off talking BBQ, naturally. “Barbeque may not be the road to world peace, but it’s a start.” -Anthony Bourdain.
  • 07:30 – Chris’s origin story begins with “when my cousin built a meth lab,” followed up by “bad things happen when you practice redneck chemistry.”
  • 12:12 – We talk about Chris’s non-profit, the Rural Tech Fund, which has helped 100,000 rural children find technology jobs. 
  • 16:40 – We discuss Chris’s free online training, “The Cuckoo’s Egg Decompiled: An Introduction to Information Security,” based on Cliff Stoll’s epic book, The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage. Chris interviewed Hans Hübner, one of the adversaries in the intrusion, which is unique since we rarely hear the perspective of both the defender and the attacker.  
  • 21:50 – We start discussing his new book, “Intrusion Detection Honeypots: Detection through Deception.” 
  • 30:00 – We talk about honeypot interactivity and the nuances to it. Chris has an excellent quote regarding attackers, “When you are living off the land, there is only so much land to go around.” 
  • 32:40 – We discuss the psychological aspects of deception and manipulating attackers to undermine themselves. We also discuss Chris’s “See, Think, Do” framework for deception. 
  • 35:49 – We dig into the ethics of cyber deception. Chris has another great quote, “If you are asking yourselves if you are well equipped to do something, you’re probably not.”
  • 38:20 – We talk about transparency around deception if it benefits organizations and serves as a deterrent to adversaries. 
  • 41:19 – We get his take on adversarial deception in the real world.
  • 45:47 – We talk about what deception technique Chris recommends organizations implement first.  
  • 48:00 – We start to wrap up the conversation. 