BSides London 2021 BSides London 2021
Join event to build your agenda.

F*** Around & Get Found Out: Disinformation As A Service

- GMT
Track 1

Andy is a hacker at heart, an offensive security professional, who currently heads up the UK team of Lares Consulting. He has always been interested in taking things apart and sometimes even putting them together again. Most well known for his book LTR101, blog and other projects published on the internet.


CVEs and big vulnerabilities are being released on a daily basis with and without proofs of concept. 14th July 2020 was a day that rocked the internet, it was the day HoneyPoC was born. What started as a joke proof of concept quickly built traction and built a new class of disinformation campaigns. 

  This talk will dive into not only how HoneyPoC came to be but will also explain how I took it one step further in exploring disinformation as a service and exploring the scientific method of f*ck around find out. I will also be demoing how I took a simple piece of proof of concept code and built a DaaS campaign out of it which poisoned many CTI feeds, found its way into some interesting situations. Uncovered APTs, Insider threats and charlatans alike. 

 Not all talks are Red/Blue/Purple, some are learning opportunities for all. HoneyPoC opened the eyes of many folks and why is it important to be careful about the Proof Of Concepts(POC) that you download/review. What started off as a minor troll turned into an integrated research project, the talk will embark on knowledge about threat intelligence and educate the watchers. Who watches the watchpeople?

 This was a particularly "amusing" troll because the sort of people who keep up with CVEs and look for proof-of-concept exploits should really know better than to run random code they just got off GitHub without checking what it does."