Ben Schroeder

Abstract: Traditional defensive measures alone are proving insufficient against determined adversaries. This talk introduces a systematic approach to implementing effective deception solutions by using BloodHound's OpenGraph framework to map and deploy deceptive attack paths across AD and third-party enterprise technologies.

This talk moves beyond basic honeypots and canary tokens. This presentation demonstrates how to build discoverable deceptions that actually entice attackers. We'll explore how understanding existing attack paths in your environment is crucial to creating believable deceptions that adversaries will naturally encounter and attempt to exploit.

Key Topics Covered: - Attack Path-Driven Deception Design: Using attack path analysis to identify optimal deception placement points and create realistic adversary scenarios - OpenGraph for Deception Mapping: Extending beyond Active Directory to model deceptive attack paths across Git repositories, configuration management systems, and cloud services - Practical Implementation Examples: Live demonstrations including AD CS deception using Certiception, repo-based deceptions with GitHound, infrastructure deceptions through AnsibleHound and SCCMHound