Awesome Deception
An awesome list of resources on deception-based security with honeypots and honeytokens
Contents
Articles
- Dripping a Little Honey in your Environment
- Trapdoor - The serverless HTTP honeypot
- yesman--Scanner Honeypot with scapy
- Deploy and monitor Azure Key Vault honeytokens with Azure Sentinel (Public preview)
- Honeypot Journals: Credential Attacks and Lessons from Recent Honeynet Incursions
- Honeypot Journals Part II: Attacks on Residential Endpoints
- Deception Engineering: exploring the use of Windows Service Canaries against ransomware
- Ensnare Attack Detection Tool Hopes to Frustrate Hackers, Too
- Honeypots: Good servers in dark alleys can be an enterprise asset
- Extending a Thinkst Canary to become an interactive honeypot
- HoneyPoC: The fallout data after I trolled the Internet...
- Experiments in Extending Thinkst Canary – Part 1
- Using Canaries for Input Detection and Response
- Explain Like I’m Five: Poison Records (Honeypots for Database Tables)
- Not so IDLE hands: FBI program offers companies data protection via deception
- The SunDEW project: learning to pose scalability barriers to attackers
- Honeysploit: Exploiting the Exploiters
- A Tale of Two PoCs or: How I Learned to Stop Worrying and Love the Honeypot
- Honeyroasting. How to detect Kerberoast breaches with honeypots
- Deceiving blue teams using anti-forensic techniques
- Endlessh: an SSH Tarpit
- A Practical Guide to Honeypots
- Learn how to deploy a Honeypot and visualise its data step by step
- Bypassing LLMNR/NBT-NS honeypot
- RDP Honeypotting
- High Interaction Honeypots with Sysdig and Falco
- Detecting Mimikatz Use On Your Network
- Implementing Honeytokens, Honeynets, and Honeytraps With Zero Budget
- Creating and Deploying Honeypots in Kubernetes
- Honeypot deployment on Linux - OpenCanary
- Setting HoneyTraps with ModSecurity: Adding Fake robots.txt Disallow Entries
- Setting HoneyTraps with ModSecurity: Adding Fake HTML Comments
- Detecting Malice with ModSecurity: HoneyTraps
- How Google set a trap for Pwn2Own exploit team
- Build an easy RDP Honeypot with Raspberry PI 3 and observe the infamous attacks as (BlueKeep) CVE-2019-0708
- Building a real-world web honeypot for CVE-2019-6340 (RCE in Drupal core)
- SSH Honey Keys
- Deception as a {Free} Post-Breach Detection Tool
- DevSecOps: Deception in Depth
- How You Can Set up Honeytokens Using Canarytokens to Detect Intrusions
- Gene Spafford: Challenging the Maxim, “No Security Through Obscurity”
- Introduction to HoneyPy & HoneyDB
- Getting Started With HoneyPy — Part 1
- Getting Started With HoneyPy — Part 2
- Getting Started With HoneyPy — Part 3
- Reflections Upon Deception-Based Security Tactics
- Running A SSH Honeypot With Kippo: Let’s Catch Some Script Kiddies
- Cowrie Honeypot Analysis - 24 hours after installing a fresh Cowrie Honeypot on a Digital Ocean node in Singapore. I have data.
- Early Warning Detectors Using AWS Access Keys as Honeytokens
- Introduction to T-Pot - The all in one honeypot
- Unveiling Patchwork – a targeted attack caught with cyber deception
- “Deception as Detection” or Give Deception a Chance?
- Deploy a fake Bitcoin wallet to save your own
- To Honey or not to Honey
Communities
Frameworks
Guides
- Birding Guide - Detect attackers without breaking the bank
- OWASP AppSensor Guide - Application-Specific Real Time Attack Detection & Response
- A Practical Guide to Honeypots
Related Lists
Research
Groups and Laboratories
Workshops
Lecture Slides
Papers and Theses
- 2021
- Lamboozling Attackers: A New Generation of Deception
- Click This, Not That: Extending Web Authentication with Deception
- Angry Birding: Evaluating Application Exceptions as Attack Canaries
- Three Decades of Deception Techniques in Active Cyber Defense - Retrospect and Outlook
- A Comparative Analysis of Honeypots on Different Cloud Platforms
- 2020
- Honeypots in the age of universal attacks and the Internet of Things
- The Moonraker Study: An Experimental Evaluation of Host-Based Deception
- An Empirical Assessment of the Effectiveness of Deception for Cyber Defense
- An Intelligent Deployment Policy for Deception Resources Based on Reinforcement Learning
- HoneyDetails: A prototype for ensuring patient’s information privacy and thwarting electronic health record threats based on decoys
- Towards systematic honeytoken fingerprinting
- Role-Based Deception in Enterprise Networks
- DodgeTron: Towards Autonomous Cyber Deception Using Dynamic Hybrid Analysis of Malware
- Cyber Deception for Computer and Network Security: Survey and Challenges
- HoneyBug: Personalized Cyber Deception for Web Applications
- Towards Reconstructing Multi-Step Cyber Attacks in Modern Cloud Environments with Tripwires
- HoPLA: a Honeypot Platform to Lure Attackers
- Towards Identifying Human Actions, Intent, and Severity of APT Attacks Applying Deception Techniques - An Experiment
- Lessons Learned from SunDEW: A Self Defense Environment for Web Applications
- 2019
- Honware: A Virtual Honeypot Framework for Capturing CPE and IoT Zero Days
- Deploying a University Honeypot: A case study
- The Art of The Scam: Demystifying Honeypots in Ethereum Smart Contracts
- General-Sum Cyber Deception Games under Partial Attacker Valuation Information
- HackIT: A Human-in-the-loop Simulation Tool for Realistic Cyber Deception Experiments
- Deception-As-Defense Framework for Cyber-Physical Systems
- Learning and Planning in Feature Deception Games
- HoneyDOC: An Efficient Honeypot Architecture Enabling All-Round Design
- Using Camouflaged Cyber Simulations as a Model to Ensure Validity in Cybersecurity Experimentation
- A Survey On Honeypots, Honeynets And Their Applications On Smart Grid
- Analysis of threats on a VoIP Based PBX Honeypot
- Prevalence of IoT Protocols in Telescope and Honeypot Measurements
- Counting Outdated Honeypots: Legal and Useful
- Game Theory for Adaptive Defensive Cyber Deception
- DorkPot: A Honeypot-based Analysis of GoogleDorks
- Buckler: Intrusion Detection and Prevention using Honeypot
- Detect Me If You... Oh Wait. An Internet-Wide View of Self-Revealing Honeypots
- From Cyber-Security Deception To Manipulation and Gratification Through Gamification
- Honeypot boulevard: understanding malicious activity via decoy accounts
- The Tularosa Study: An Experimental Design and Implementation to Quantify the Effectiveness of Cyber Deception
- How deception can change cyber security defences
- VIRTUALIZED INTELLIGENT HONEYPOT AGENT
- Game Theory for Cyber Deception: A Tutorial
- 2018
- Adaptive Containerised Honeypots for Cyber-Incident Monitoring
- Towards an Automatic Generation of Low-Interaction Web Application Honeypots
- Cloxy: A Context-aware Deception-as-a-Service Reverse Proxy for Web Services
- Deception Techniques in Computer Security: A Research Perspective
- Demystifying Deception Technology: A Survey
- Defending Web Servers with Feints, Distraction and Obfuscation
- Strategic Defense and Attack in Deception Based Network Security
- Bitter Harvest: Systematically Fingerprinting Low- and Medium-interaction Honeypots at Internet Scale
- A SPL Framework for Adaptive Deception-based Defense
- Chaff Bugs: Deterring Attackers by Making Software Buggier
- U-PoT: A Honeypot Framework for UPnP-Based IoT Devices
- HoneyThing: A New Honeypot Design for CPE Devices
- Efficiency and Security of Docker Based Honeypot Systems
- An Application of Jeeves for Honeypot Sanitization
- Cloud security using self-acting spontaneous honeypots
- HONEY POT AS A SERVICE IN CLOUD
- A Survey of Game-Theoretic Approaches to Modeling Honeypots
- Web Deception towards Moving Target Defense
- Mitigating Computer Attacks in a Corporate Network using Honeypots: A Case Study of Ghana Education Service
- Using Reinforcement Learning to Conceal Honeypot Functionality
- 2017
- Lure Box Using Honeytokens for Detecting Cyberattacks
- Adapting Honeypot Configurations to Detect Evolving Exploits
- A New Approach to Detecting Ransomware with Deception
- Active defence through deceptive IPS
- Deception strategies for web application security: application-layer approaches and a testing platform
- Evaluation of Deception-Based Web Attacks Detection
- HoneyIo4: the construction of a virtual, low-interaction IoT Honeypot
- Honey-Copy-A Concept and Prototype of a Generic Honeypot System
- Deception using an SSH honeypot
- Picky Attackers: Quantifying the Role of System Properties on Intruder Behavior
- Weems: An extensible HTTP honeypot
- Understanding Security Flaws of IoT Protocols through Honeypot Technologies
- HONEYPHY: A PHYSICS-AWARE CPS HONEYPOT FRAMEWORK
- Designing a smartphone honeypot system using performance counters
- Enhancing Honeypot Deception Capability Through Network Service Fingerprinting
- Enabling an Anatomic View to Investigate Honeypot Systems: A Survey
- Review on Honeypot Security
- A Virtual Honeypot Framework for Server Configuration Using IDS For Login Authentications
- Automating the Generation of Enticing Text Content for High-Interaction Honeyfiles
- Towards Deployment Strategies for Deception Systems
- Outlier Detection in Secure Shell Honeypot using Particle Swarm Optimization Technique
- Evaluation of Low-Interaction Honeypots on the University Network
- Poster: HoneyBot - A Honeypot for Robotic Systems
- A security approach based on honeypots: Protecting Online Social network from malicious profiles
- 2016
- SSH Honeypot: Building, Deploying and Analysis
- Designing Adaptive Deception Strategies
- Design and Implementation of a Real-Time Honeypot System for the Detection and Prevention of Systems Attacks
- Active defence using an operational technology honeypot
- SIMULATION OF INDUSTRIAL CONTROL SYSTEM FIELD DEVICES FOR CYBER SECURITY
- Deception-Based Game Theoretical Approach to Mitigate DoS Attacks
- MobiPot: Understanding Mobile Telephony Threats with Honeycards
- Gathering threat intelligence through computer network deception
- An improved tarpit for network deception
- Bandits for Cybersecurity: Adaptive Intrusion Detection Using Honeypots
- Honeypot Architectures for IPv6 Networks
- Deceptive Cyber Defense for IIoT
- A Survey on Honeypot Software and Data Analysis
- Goal-driven deception tactics design
- SCADA Honeypots – An In-depth Analysis of Conpot
- Graph-based Forensic Analysis of Web Honeypot
- Poster: Re-thinking the Honeypot for Cyber-Physical Systems
- Characterizing Honeypot-Captured Cyber Attacks: Statistical Framework and Case Study
- 2015
- Deception by Design: Evidence-Based Signaling Games for Network Defense
- Experiences with Honey-Patching in Active Cyber Security Education
- Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses
- Toward an Insider Threat Detection Framework Using Honey Permissions
- Weaving Tangled Webs: Offense, Defense, and Deception in Cyberspace
- Denial and Deception in Cyber Defense
- Fox in the Trap: Thwarting Masqueraders via Automated Decoy Document Deployment
- Hyhoneydv6: A hybrid Honeypot Architecture for IPv6 Networks
- Deception in Dynamic Web Application Honeypots: Case of Glastopf
- IoTPOT: Analysing the Rise of IoT Compromises
- Survey on Security Using Honeypot
- 2014
- Aggressive Web Application Honeypot for Exposing Attacker's Identity
- From Patches to Honey-Patches: Lightweight Attacker Misdirection, Deception, and Disinformation
- Changing the game: The art of deceiving sophisticated attackers
- Implementing a CBR Recommender for Honeypot Configuration using jCOLIBRI
- INTERCEPT: High-interaction Server-type Honeypot based on Live Migration
- Building a Honeypot to Research Cyber-Attack Techniques
- 2013
- Detecting Targeted Attacks by Multilayer Deception
- Improving Security Using Deception
- Bait and Snitch: Defending Computer Systems with Decoys
- Canary Files: Generating Fake Files to Detect Critical Data Loss from Complex Computer Networks
- Honeywords: Making Password-Cracking Detectable
- A Technique for Presenting a Deceptive Dynamic Network Topology
- Self-adaptive SSH Honeypot Model Capable of Reasoning
- Design and Implementation of a Medium Interaction Honeypot
- A Framework for Intrusion Deception on Web Servers
- Patterns and Patter - An Investigation into SSH Activity Using Kippo Honeypots
- A review of dynamic and intelligent honeypots
- 2012
- A Deception Framework for Survivability Against Next Generation Cyber Attacks
- A Security Mechanism for Web Servers Based on Deception
- A Survey: Recent Advances and Future Trends in Honeypot Research
- CAMPUS SECURITY USING HONEYPOT
- Set-up and deployment of a high-interaction honeypot: experiment and lessons learned
- 2011
- DarkNOC: Dashboard for Honeypot Management
- Heat-seeking honeypots: design and experience
- Time-traveling Forensic Analysis of VM-based High-interaction Honeypots
- SCADA Honeynets: The attractiveness of honeypots as critical infrastructure security tools for the detection and analysis of advanced threats
- 2010
- 2009
- 2008
- 2007
- 2006
- Defensive Computer-Security Deception Operations: Processes, Principles and Techniques
- Using deception to hide things from hackers: Processes, principles, and techniques
- Testing and validation of a dynamic honeypot system
- Advanced Honeypot-based Intrusion Detection
- Honeypots: How do you know when you are inside one?
- Lessons learned from the deployment of a high-interaction honeypot
- 2005
- 2004
- 2003
- 2002
- 2001
- 1994
Podcasts
- Origins of Deception Technology with Haroon Meer
- Active Deception as a Methodology for Cybersecurity
Presentations
- Modelling and Generating Fake Websites for Cyber Deception
- Detecting Reverse Engineering with Canaries
- Lure Box Using Honeytokens for Detecting Cyberattacks
- The smartest way to protect Websites and Web Apps from Attacks
Videos
- Advanced Deception Technology Through Behavioral Biometrics
- Applied Deception Beyond the Honeypot: Moving Past 101
- Honeypots, Deception, and Frankenstein
- Honeypots 2.0: A New ‘Twist’ on Defending Enterprise Networks with Dynamic Deception at Scale
- SANS Webcast: Opening a can of Active Defense and Cyber Deception to confuse and frustrate attackers
- Deceptive Defense: Beyond Honeypots
- Honeypots for Active Defense A Practical Guide to Deploying Honeynets Within the Enterprise
- The matrix has you: Protecting Linux using deception
- Using Honeypots for Network Security Monitoring
- Remote detection of low & medium interaction honeypots
- honeyHoax - A Centralised Honeypot
- Deception for the Cyber Defender: To Err is Human; to Deceive, Divine
- Paravirtualized Honeypot Deployment for the Analysis of Malicious Activity
- Deploying Honeypots To Gather Actionable Threat Intelligence
- Honeypot Your Database
- Forging Trusts for Deception in Active Directory
- HoneyPy & HoneyDB
- Leveraging Deception Techniques for Strong Detection
- Breaking Honeypots for Fun & Profit
- Honeywords - Detectable Password Theft
- IoT Honeypots
- IoTCandyJar: Towards an Intelligent-Interaction Honeypot for IoT Devices
- The KGB, the Computer, and Me (Complete)
- No Budget Threat Intelligence - Tracking Malware Campaigns on the Cheap
- Running a SCADA honeypot
- Visibility, Control, and Containment: Hunting Maturity through Cyber Deception
- Drawing the Foul: Operation of a DDoS Honeypot
- GlastopfNG - A web attack honeypot
- A Framework For Fingerprinting ICS Honeypot
- Building a Better Honeypot Network
- Global Honeypot Trends - Adventures with Kippo!
- Learning How To Smurf With Honeypots
- Powergrid Honeypot
- Stories from a 15 days SMB Honeypot
- Medical Devices: Pwnage and Honeypots
- Honeypots and tokens in modern networks
- Honey(pot) flavored hunt for cyber enemy
- Hey, You Got Your SQL In My Honeypot!
- AT&T ThreatTraq: Passwords in the Honeypot
- Low-Interaction Virtual Honeypot Fingerprinting
- Smart Contract Honeypots for Profit (and probably fun)
- Deceptacon: Wi-Fi Deception < $5
- Application Honeypot Threat Intelligence
- Deploying ICS Honeypots to Deceive and Thwart Adversaries
- Where Do The Phishers Live: Collecting Phishers' Geographic Locations from Honeypots
- PLC for Home Automation and How It Is as Hackable as a Honeypot
- How to Build SPAM Honeypots
- Bring Back the Honeypots
- Vaccination - An Anti-Honeypot Approach
- T-Pot: Automated Honeypot Deployment
- Running a Honeypot | AT&T ThreatTraq Bits
- Ghetto IDS and Honeypots for the Home User
- Honeypot That Can Bite: Reverse Penetration
- Thug: a new low-interaction honeyclient
- Hacking Back: Proactive Threat Intelligence With Honeypots For Active Defense
- Honey Haven: Creating Research HoneyPots In the Cloud
- Lessons Learned from Building and Running MHN the Worlds Largest Crowdsourced Honeynet
- Would You Like Some Honey With That?
- Honey In The Age Of Cyber
- Wolves amongst Sheep - Defeating Targeted Attacks with Deception
- Bringing PWNED To You Interesting Honeypot Trends
- ICS Honeypot Deployment Strategies and Technologies
- Security Onions and Honey Potz
- Cyber Counter Intelligence: An attacker-based approach
- Real Eyes, Realize, Real Lies: Beating Deception Technologies
- Whiteboard Wednesday: Attacker Deception - Honeypots
- The Devil Does Not Exist - The Role of Deception in Cyber
- Bitcoin Honeypots
- Your Active Directory Active Defense ADAD Primer
- Tangled Web: Defense in Deception
- BHIS Webcast: Tracking attackers. Why attribution matters and how to do it
- Active Cyber Network Defense with Denial and Deception
- Traps of Gold
- Live Coding: Python Honeypot
- Building a Web Attacker Dashboard with ModSecurity and BeEF
- OpenCanary: a new Python-based honeypot
- Randori, a low interaction honeypot with a vengeance
- Canarytokens - Honeypots Made Easy
- Coding Live Stream 2: Let's Deploy an SSH Honeypot
- Coding Live Stream 5: Let's Analyze Our Honeypot Traffic With PacketTotal
- Building Honeypots to Monitor DDoS
- Cymmetria: Writing honeypots
- Honeypot project - Kippo Setup and walk-through
- Game of Hacks: The Mother of All Honeypots
- Effortless, Agentless Breach Detection in the Enterprise: Token all the Things!
- Watching the attackers with a web honeypot
- Drupot - A drupal honeypot solution by Glasswall
- HoneyJax (AKA Web Security Monitoring and Intelligence 2.0)
- Honeypots and the evolution of botnets
- Improve DDoS Botnet Tracking With Honeypots
- Ghast04 You Got Your SQL Attacks In My Honeypot
- The Future of Honeypots
- sshesame is an easy to setup fake SSH server / HoneyPot
- Countering the removable device threat with USB honeypots
- Hack Yeah - Simple PHP Honeypot
- Trapping Hacks with Ensnare
- Continuous Security: Monitoring & Active Defense in the Cloud
- DECEPTICON OPSEC to Slow the OSINT
- Getting Started in Cyber Deception
- Messing with Portscans with Honeyports (Cyber Deception)
- Deception Fundamentals
- Deception Modeling Language (DML): Tutorial - Part I
- Deception Modeling Language (DML): Tutorial - Part II
- ShellCon 2018 Keynote - DIY Blue Teaming
- Black Hat USA 1999 - Burglar alarms and Booby Traps
- When the Tables Turn
- Hackers Want Passwords
- Honeytokens: Detecting Attacks to Your Web Apps Using Decoys and Deception
- Web Application Honeypot Threat Intelligence
- Faking a Factory: Creating and Operating a Realistic Honeypot
- Active Defense Web Edition: Web Apps Dripping with Honey!