YC-backed Cymmetria published a report about an APT caught with cyber-deception (threatpost.com) 6 points by lorg 10y ago ↗ HN
[–] dkopi 10y ago ↗ How is cyber-deception different from regular honeypots? [–] ddiinn2 10y ago ↗ There are two main advancements beyond "classic" honeypots:1. Honeypots are easy to fingerprint (see our blackhat talk, https://www.youtube.com/watch?v=Pjvr25lMKSY )2. Most honeypots just "sit on the network", waiting to be scanned. By using breadcrumbs (AKA honeytokens) as part of deception stories you're actively hunting the attackers in the network, by influencing their decision process.
[–] ddiinn2 10y ago ↗ There are two main advancements beyond "classic" honeypots:1. Honeypots are easy to fingerprint (see our blackhat talk, https://www.youtube.com/watch?v=Pjvr25lMKSY )2. Most honeypots just "sit on the network", waiting to be scanned. By using breadcrumbs (AKA honeytokens) as part of deception stories you're actively hunting the attackers in the network, by influencing their decision process.
3 comments
[ 2.5 ms ] story [ 17.7 ms ] thread1. Honeypots are easy to fingerprint (see our blackhat talk, https://www.youtube.com/watch?v=Pjvr25lMKSY )
2. Most honeypots just "sit on the network", waiting to be scanned. By using breadcrumbs (AKA honeytokens) as part of deception stories you're actively hunting the attackers in the network, by influencing their decision process.