Deception with John Hammond Live

Really glad I had the opportunity to join the live session with John Hammond on Learn Cyber Deception. It was especially cool to hear my question get a shout-out and answered live! I asked: “The domain seems pretty obvious. Would an attacker really fall for that trap?” Short answer: Yes :)

Link: https://www.linkedin.com/events/7406436137927614465/

Attackers try to be sneaky.
Defenders get sneaky on purpose.

Overview

Once attackers land in a local environment, things get risky for them. Every move has to be careful, every step calculated. Meanwhile, the SOC only needs to catch them once.

That’s the beauty of defense.
The attacker has to be right every time.
The defender only has to be right once.

Description

Can attackers spot a honeypot?
Sometimes, yes.

But it’s like Jerry seeing a piece of cheese and suddenly freezing.
Is it free food… or a trap waiting to ruin his day? 🧀😬 You see that mind game we are playing here?

Tools like Canarytokens, OpenCanary, and services like Tracebit (great for catching info stealers) act like silent tripwires. Touch them once, and alarms go off.

Defense does not need to be perfect.
It just needs to be smart

Tool Mentioned:

• https://canarytokens.org/nest/
• https://tracebit.com/

  Fun tool! Will spend some time play around with them! More to come!

Some other notes:

• From a business perspective, most customers don’t really care how you caught the attacker. They just want them out of the system.
• Small businesses shut down every year because of data breaches. Sometimes all it takes is one attacker, one mistake, and one system that was not ready.

last modified: 2025-12-19