Fighting Hackers using HoneyTokens with Dana Epp
Bring the fight to the hackers with some clever code! Carl and Richard talk to Dana Epp about honeytokens - adding code and elements to your applications that are there only to attract bad actors. Dana talks about how hackers attack applications, looking for vulnerabilities. Often those attempts take weeks or even months and are hard to detect in regular logs. By adding code that would only run if an attacker was trying to exploit, you can raise a red flag to your security team early and take action before the attackers are successful. Have a listen, then chat (preferably over pizza) with your security folks about how you can help!
Guests:
Dana Epp
Dana Epp has been a builder and breaker for over 30 years now and helps developers, testers, and hackers to find and fix flaws in apps and infrastructure. Outside of being an offensive security engineer, he's a Microsoft Regional Director and a Microsoft Security MVP for over 17 years now.
Links:
- Security This Week https://securitythisweek.com
- SolarWinds Exploit https://www.csoonline.com/article/3613571/the-solarwinds-hack-timeline-who-knew-what-and-when.html
- synk https://snyk.io/
- Microsoft Authentication Library https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-overview
- Mitre Attack https://attack.mitre.org/
- Robots file on azure.microsoft.com https://azure.microsoft.com/robots.txt
- sql map https://sqlmap.org/
- Azure Sentinel https://azure.microsoft.com/en-us/services/azure-sentinel/
- Splunk https://www.splunk.com/
- Swagger https://swagger.io/
- Hacker One https://www.hackerone.com/
- Bug Crowd https://www.bugcrowd.com/
- Dana's HoneyTokens Video https://www.youtube.com/watch?v=WP062BDYPWE