conf.directory

DEF CON 32 - Decoding Galah, an LLM Powered Web Honeypot - Adel Karimi

Adel KarimiDEF CON
24:57
0 views
Published October 16, 2024

About this talk

Honeypots are invaluable tools for monitoring internet-wide scans and understanding attackers' techniques. Traditional low-interaction web honeypots use manual methods to emulate various applications or vulnerabilities. Introducing Galah, an LLM-powered web honeypot that mimics diverse applications with a single prompt. This honeypot dynamically crafts relevant HTTP responses, including headers and body content, to various HTTP requests, effectively simulating multiple web applications. In this talk, I will share lessons learned from building and deploying Galah and address two key questions: How do different large language models perform in generating HTTP messages? Does delivering authentic-looking HTTP responses increase attackers’ engagement with the honeypot?

Topics covered

LLMs
web honeypots
HTTPS
application emulation
attacker engagement

Stay Updated

Get notified about new features and conference additions.

Related Talks

Video thumbnail not available
01:00:49

The Art of Code - Dylan Beattie

Dylan Beattie
NDC Conferences
4,796,409 views
February 26 2020
Watch Now
Video thumbnail not available
26:53

What the heck is the event loop anyway? | Philip Roberts | JSConf EU

Philip Roberts
JSConf EU
3,551,387 views
October 9 2014
Watch Now
Video thumbnail not available
39:51

Expert Talk: DevOps & Software Architecture • Simon Brown, Dave Farley & Hannes Lowette • GOTO 2021

Simon Brown, Dave Farley & Hannes Lowette
GOTO Conferences
3,109,641 views
February 15 2022
Watch Now
DEF CON 32 - Decoding Galah, an LLM Powered Web Honeypot - Adel Karimi by Adel Karimi | conf.directory | conf.directory