Subhash Popuri

Subhash is a Consultant (Red Team and aspiring Purple Teamer) with EY, India. He regularly contributes to the cyber security community through security tooling (https://github.com/pbssubhash). On a daily basis, Subhash performs adversary simulation. He has developed several open source and closed source tools, including a ransomware simulator, attack simulators and C2 frameworks that leverage lesser known techniques, so that blue teams can test the efficacy of their existing detection mechanisms against advanced and lesser known techniques.
Apart from work, he spends most of his free time researching ML and Data Science for better cyber security detection, watching movies, cooking and gardening. He was privileged to work with many world renowned security teams, including those of Google, Facebook, Twitter, Microsoft, Dell and Cisco, among many others, as part of their bug bounty / responsible disclosure programs. He was also fortunate enough to have helped the security staff of USA.GOV, the National Cyber Security Council of the Netherlands and the National Informatics Centre of India with potential security vulnerabilities.

Talk / Workshop: Talk

Description

h0neytr4p - How to catch external threat actors with an easy-to-configure honeypot.

Working for large clients, we realised that large enterprises have no mechanism to trap external threat actors, who primarily exploit web vulnerabilities. They are still reliant on threat intel firms to block potential attacker IPs. Honeypots exist, of course, but they are hard and time-consuming to configure. The turnaround time for a SOC team to configure a honeypot for a recently disclosed vulnerability is very high, which discourages their use. We aim to fix this by introducing a template-based honeypot. Honeytrap is stateless, it understands patterns, and it can be configured within minutes to catch complicated 0-day or 1-day vulnerability exploitation attempts. It empowers and encourages blue teams to put an active honeytrap network around their network, which can be used to capture indicators of compromise that can then be blocked at the perimeter firewall. h0neytr4p ships as a lightweight single binary, takes one or more templates as input, and has a CSV output mode that can easily be piped into custom tools. Currently it supports HTTP only, but the plan is to make it a unified platform that supports SSH, RDP or any other protocol across multiple scenarios.
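To make the "stateless, template-based, CSV out" design concrete, here is an added illustration that is not h0neytr4p's own code; the template format (a name, a method, and regular expressions for the path and, optionally, the body) is an assumption made for this example, and the sample requests are constructed, not captured traffic.

```python
import csv
import io
import re

# Template format assumed for this example (not h0neytr4p's own): each
# template names the request features that indicate an exploitation attempt
# against the simulated vulnerability. "path" and "body" are regular expressions.
TEMPLATES = [
    {"name": "path-traversal-probe", "method": "GET",
     "path": r"(^|/)\.\.(/|$)"},                       # a "../" segment anywhere
    {"name": "webshell-upload-probe", "method": "POST",
     "path": r"^/cgi-bin/upload\.php$", "body": r"<\?php"},
]

def parse_request(raw: str) -> dict:
    """Split a raw HTTP/1.1 request into method, path and body; headers are ignored."""
    head, _, body = raw.partition("\r\n\r\n")
    method, path, _version = head.split("\r\n")[0].split(" ", 2)
    return {"method": method, "path": path, "body": body}

def match_templates(req: dict, templates=TEMPLATES) -> list:
    """Stateless check: return the names of every template this one request matches."""
    hits = []
    for t in templates:
        if req["method"] != t["method"] or not re.search(t["path"], req["path"]):
            continue
        if "body" in t and not re.search(t["body"], req["body"], re.DOTALL):
            continue
        hits.append(t["name"])
    return hits

def to_csv(src_ip: str, req: dict, hits: list) -> str:
    """One CSV line per match: source IP, method, path, template name."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    for name in hits:
        writer.writerow([src_ip, req["method"], req["path"], name])
    return buf.getvalue()

# Constructed sample traffic (not real captures); the benign second request must yield no row.
SAMPLES = [
    ("198.51.100.7", "GET /static/../../etc/passwd HTTP/1.1\r\nHost: hp\r\n\r\n"),
    ("198.51.100.7", "GET /index.html HTTP/1.1\r\nHost: hp\r\n\r\n"),
    ("203.0.113.9", "POST /cgi-bin/upload.php HTTP/1.1\r\nHost: hp\r\n\r\n<?php echo 1; ?>"),
]

def run(samples=SAMPLES) -> str:
    """Process each request on its own (no session state) and concatenate the CSV rows."""
    out = []
    for ip, raw in samples:
        req = parse_request(raw)
        out.append(to_csv(ip, req, match_templates(req)))
    return "".join(out)

if __name__ == "__main__":
    print(run(), end="")
```

Each emitted row is self-contained, so the output can be piped straight into a blocklist or SIEM ingestion script without any correlation step.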
