Hello, and welcome to this course in which we're talking about Python for active defense with a focus on decoys. In this video, we're going to start out with an introduction to decoys.
When we're talking about decoys and deception, it's always good to start with a quote from Sun Tzu. In the Art of War, he says that, "All warfare is based on deception." Essentially, you can gain a significant advantage if you can convince your opponent that what's actually going on isn't what's really going on. This applies very much to cyber defense and cyber attack as well. Cyber attackers commonly use deceptive tactics to hide their activities. For a variety of different cyber attack use cases, trying to mislead defenders is a key part of an attacker's toolkit.
Active defenders have the ability to employ deception as well. For example, a honeypot can be used to hold decoy systems and fake data that's designed to lure an attacker away from an organization's real systems to attacking fake systems that the defender has deployed. Similarly, within an organization's network, honey data is fake data that's designed to entice an attacker and pique their interest and to distract and misdirect them from the actual valuable data on an organization's systems and networks.
The use of deception and decoys provides a number of different benefits for active defense. One of these is that deception wastes an attacker's time. Cyber attack and cyber-crime are businesses, just like any other. Productivity and efficiency are important. If the time spent breaking into an organization's system outweighs the value extracted from it, then it's not good business to continue attacking it. If an organization can waste an attacker's time by sending them on wild goose chases, etc., they may decide that the system isn't worth attacking, get frustrated, and move on to easier targets.
Another advantage of decoys and deception is that they grant the defender some level of control over the attacker's actions. This is because if you can convince an attacker that a decoy is a real system on an organization's network, then you can get them to focus on that decoy and lure them away from the actual valuable systems, data, users, etc., on the organization's network and systems.
A third benefit of the use of decoys and deception is that they can be used as tripwires to help simplify detection of threats on a system. If there's a decoy system or decoy data where there's no legitimate use for it, then anyone that tries to access or use that system or data is automatically suspicious. That's much easier to differentiate than benign versus malicious use on a legitimate service.
Then finally, decoys and deception can help provide intelligence about an attacker's TTPs. The reason for this is that you can specifically design decoys to try to force the attacker to use a range of capabilities. Based off of the tools and capabilities that they exhibit, you can learn what they're capable of and potentially even force them to expose new tools or new vulnerabilities that you weren't previously aware of. All of these are ways in which decoys and deception are beneficial for active defense.
Decoys can be used in active defense in several different ways. We're going to be focusing on three applications of decoys for active defense in this course: the use of decoy processes, decoy content, and decoy credentials. In the next video, we're going to start talking about how decoy processes can be applied to active defense use cases. Thank you.