HAXPO: Hey Attacker! I Can See You!

This talk will be LIVE STREAMED on YouTube: https://youtube.com/hitbsecconf


How do you cope when you’re being attacked thousands of times per second? How do you take this information and turn it into meaningful threat intelligence? How do you track attackers back to their home town? Who are they, what do they want and where are their profile pics?

To answer our these questions and to better protect Azure it’s not enough to just set up a honeypot and watch the results roll in, we needed something different – something that would work at the cloud scale.

In ‘The Matrix’ sentient machines subdue the population by developing a highly sophisticated simulation. At Microsoft we’ve developed a new type of deception technology that allows us to use psychological and detailed technical approaches to control the behaviour of an attacker and to analyse their tools, techniques and malware at the cloud scale.

In this presentation I’ll show we how we built our deception network, some of the successes of running a Matrix like environment, failures where a glitch was spotted as well as deception approaches that could be applied to other domains. Crucially attackers have social networks and defenders can use this to!

Using these techniques, we can better track the person or group behind the threat, build better protections and ultimately protect more Linux users – whether they are using Azure or not.

Location: Track 4 / HAXPO Date: May 10, 2019 Time: 10:30 am - 11:00 am Ross Bevington