Read the abstract ➤ https://www.conf42.com/DevSecOps_2023_Dwayne_McDaniel_detecting_honeytokens Other sessions at this event ➤ https://www.conf42.com/devsecops2023 Join Discord ➤ https://discord.gg/DnyHgrC7jC Chapters 0:00 intro 1:43 preamble 2:00 about dwayne 2:50 let's deploy something real quick 3:12 attackers want your credentials 3:54 uber breach - september 2022 4:49 astrazeneca - november 2022 5:34 circleci - january 2023 6:44 hardcoded credentials 7:11 we know how attackers behave 7:29 what attackers want 7:54 in the 2023 of the state of secrets sprawl 9:00 a brief history of cyber deception 17:05 what is a honeytoken? 19:26 honeytoken options 19:37 open source - the diy route 21:11 commercial options - off the shelf 23:37 honeytoken best practices 29:01 let's check on our honeytoken from earlier... 31:37 in conclusion 32:42 honeytoken options 33:24 thanks, reach out!