How to detect software supply chain attacks with Honeytokens?
Cloud Security Podcast25 Elo 2023

How to detect software supply chain attacks with Honeytokens?

Can Honeytokens be used in your supply chain security? Turns out we can! We spoke to Mackenzie Jackson ( @advocatemack ) from @GitGuardian about the benefits of using Honeytokens, which organisations can benefit from them and whats involved in deploying them and next steps once they are triggered.


Episode YouTube:⁠⁠Video Link⁠⁠⁠⁠⁠


Host Twitter: Ashish Rajan (⁠⁠⁠⁠⁠⁠⁠⁠⁠@hashishrajan⁠⁠⁠⁠⁠⁠⁠⁠⁠)

Guest Socials: Mackenzie Jackson (⁠ @advocatemack ⁠)

Podcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠⁠


Spotify TimeStamp for Interview Question

(00:00) Introduction (02:01) A bit about Mackenzie Jackson (02:37) What are Honeytokens? (03:35) Traditional threat detection (05:29) Honeytoken in action (07:02) Deployments for Honeytokens (09:46) Role of Honeytoken in Supply Chain (11:02) Deploying and managing Honeytokens (13:12) Incident response with Honeytokens (15:01) What companies should use Honeytokens? (16:05) What if the key is deleted !


Resources:

You can find out more about Honeytokens & GitGuardian here!

See you at the next episode!

Jaksot(344)

Google Cloud Security Pentesting Methodology

Google Cloud Security Pentesting Methodology

Penetration Test of a Web Application hosted on Google Cloud in 2023 is quite different to just a simple/traditional web app pentesting.Cloud Penetration testing is misunderstood to be just config rev...

24 Elo 202337min

Network Pentest 2.0 : The Cloud Pentest Revolution

Network Pentest 2.0 : The Cloud Pentest Revolution

Cloud Security Pentest is not just a Cloud configuration review ! Blackhat 2023 & Defcon 31 conversations included Cloud Security Podcast asking traditional and experienced pentesters about their opin...

22 Elo 202354min

Google Cloud Hacking Red Team Perspective!

Google Cloud Hacking Red Team Perspective!

Google cloud hacking or pentesting is very different to other popular cloud service providers like aws or azure. In this episode we had Shannon McHale (Mandiant now Google Cloud) to talk about how she...

2 Elo 202332min

Cloud Security in the BoardRoom - CISO Perspective with Phil Venables

Cloud Security in the BoardRoom - CISO Perspective with Phil Venables

CISOs in organizations that are going through digital transformation have a responsibility of educating the board on how Cloud Security is measured and improved on to manage the risk posture of the or...

30 Heinä 202340min

Google Cloud IAP - A Pentester Viewpoint

Google Cloud IAP - A Pentester Viewpoint

Google Cloud Security Assessment from a pentester's lens. Anjali from NotSoSecure will be sharing her research into Google Cloud IAP & finding ways to assess the use of Google Cloud IAP in your enviro...

26 Heinä 202333min

Doing Google Cloud Security RIGHT!

Doing Google Cloud Security RIGHT!

AWS Landing zones are well known but not as much in the Google Cloud space. In this episode we have Jimmy Barber shares how controls can be automated in GCP to create landing zone to manage security a...

25 Heinä 202334min

An AWS Centric View of Google Cloud Identity

An AWS Centric View of Google Cloud Identity

Cloud Security Podcast - Yes - AWS Cloud folks are starting to look after Google Cloud security now in a lot of organisations. Caleb Tennis from Sequoia Capital joins us to share his personal experien...

22 Heinä 202345min

So You WANT TO DO Google Cloud Threat Detection - Start here!

So You WANT TO DO Google Cloud Threat Detection - Start here!

Cloud Security Podcast - Cybersecurity Threat hunting explained for Google Cloud. Day Johnson is a threat detection engineer and in this episode of Cloud security for Google Cloud security we spoke ab...

10 Heinä 202339min