Justin Varner
Chief of Innovation @ RadZen Inc
Richmond, Virginia, United States
I’m a passionate and seasoned security professional with over 19 years of industry experience.
My career started as a cryptographer at NASA working on the secure messaging system used by the International Space Station. During a focused and driven security career, I’ve had the opportunity to work across a multitude of different industries and domains ranging from security architecture to offensive security to DevSecOps and everything in between.
My most recent endeavors have been focused on helping others not get owned as well as improve their security posture more generally.
I embrace any opportunity to teach fundamental security concepts to those who need help but have no idea where to look, and I pride myself on being able to break down and articulate complex topics in a fun, interesting, and engaging way that appeals to people from all backgrounds.
Oh Hotel No! How A Hopeless Hooligan Helped A Homie From Homeless To Homeowner (In Nine Months)
This is the story of a hotel hooligan and his fascination with exploiting physical and digital vulnerabilities for the purposes of persistent access, living off the land, and surreptitiously housing homeless people.
You can watch the recording of the first version of this talk delivered at RVAsec 2025 here: https://rvasec.com/rvasec-14-video-justin-varner-oh-hotel-no-how-a-helpless-hooligan-helped-a-homie-from-homelessness-to-homeownership-in-9-months/
This is the third version of ‘Oh Hotel No!’ that originally debuted at BSides Prague 2025, and it builds on the material that only a few people will have ever experienced this past August at BSidesLV in the form of an ephemeral OTR DEFCON Skytalk.
This newest version of the talk has more of a focus on Earl Jones, a man who was previously homeless for 17 years, participated in the ‘Operation House A Homie’ program, and is now a thriving and gainfully employed homeowner.
You won’t want to miss it!
Honeypot Boo Boo: Better Breach Detection With Deception Inception
Detailed Talk Outline:
1. Intro
   a. A little background about myself and why I’m here
   b. A brief overview of the topic, why it’s important, and what I hope you (the hackers) will get out of it.
2. Why Are Breaches So Common?
   a. Brief history of breach detection
   b. Why the conventional method for detection doesn’t work
   c. The cost and impact of continuing down the same path
3. How we can detect breaches and prevent catastrophes
   a. Past, present, and future of deception technology
   b. Why deception technology is designed for real-time breach detection
   c. Real-world examples of disasters that have been averted using deception technology
   d. An important note on being so good at deception that your adversaries will question their reality
4. Getting started with breach detection technology
   a. The difference between honeypots and honeytraps and where each thrives
   b. Honeypot deep dive - guidance on how to deploy them for maximum benefit
   c. Honeytoken deep dive - guidance on how to deploy these digital tripwires for maximum benefit
   d. Honeytoken types and deployment examples
      1. Credentials (AWS API Keys, Slack tokens)
      2. Cloud storage buckets (AWS S3)
      3. Documents (Google Docs, Microsoft Word, PDFs)
      4. Binaries, processes, and DLLs
      5. Cloned websites
      6. VPNs
      7. QR codes
      8. Kubernetes
      9. Web bugs and redirects
      10. DNS
      11. Log4Shell
      12. Databases
      13. Emails
5. Automating breach detection to augment your DFIR capabilities, enrich threat intelligence, and build a continuously updated asset inventory with the power of SOAR
   a. Configuring high-fidelity, low volume alerts and effectively triaging them
   b. How to not let bad guys know that you’re trying to dupe them
   c. Integrating deception tech with existing systems like a SIEM for better DFIR
   d. Creating a complex minefield of deception inception using multiple layers and levels of trickery that will deanonymize your adversaries
   e. Enriching canary alerts with threat intelligence to add context to events and understand the bigger picture of a targeted cyber campaign
   f. Leveraging SOAR to streamline the aforementioned and free up your security personnel to focus on actually solving real problems that are both challenging and fulfilling.
6. A real-world example of our defenses in action
   a. Building our red team campaign
   b. Testing our detection capabilities at each phase of the campaign
   c. Generating our breach detection report and comparing against our red team report
   d. Using the efficacy of our approach to drive down cyber insurance costs, strengthen your position to become certified in SOC II Type I, PCI DSS, and HIPAA, and demonstrate the value of your security program to executive leadership and business stakeholders.
7. Final notes and Q&A
BSidesChicago 2024 Sessionize Event