Wed, Jun 24 · 6:00 PM EDT
Red teamers rely on predictability: predictable enumeration paths, predictable credential locations, predictable network behavior. Deception defense exploits exactly that. This talk+workshop is a practical guide to wasting a red teamer's time, told by someone who has been on both sides of it. I've tripped honeypots mid-engagement. I've also built them. That dual perspective shapes everything in this session. We'll cover a tiered deception stack: Active Directory honey users and honey SPNs designed to catch Kerberoasting and lateral movement; canary tokens embedded in documents, file shares, and source code repositories; honey API endpoints and SSRF detection triggers for AppSec teams; and — newer territory — deception techniques purpose-built for AI systems, including canary instructions in LLM system prompts, honey documents in RAG pipelines, and fake AI API keys that alert when someone finds them.
The talk includes hands-on exercises. Attendees will generate, plant, and trigger their own canary tokens during the session and leave with a working mental model for building a deception program, not just deploying a one-off trick.