Using Kojoney Open Source Low Interaction Honeypot to Develop Defensive Strategies and Fingerprint Post-Compromise Behavior

The attached slides were part of my presentation at SecureWorld Philadelphia in May of 2010.  The presentation covered data collected using a customized installation of the Kojoney low interaction SSH honeypot software.  The data was not surprising but we were able to discern interesting trends and devise some effective defensive strategies.

AttachmentSize
kojoney_secureworld.ppt241 KB