There are two main advancements beyond "classic" honeypots: 1. Honeypots are easy to fingerprint (see our blackhat talk, https://www.youtube.com/watch?v=Pjvr25lMKSY ) 2. Most honeypots just "sit on the network", waiting…
Any questions, we'd be happy to answer
The trick is to make the breadcrumbs the type of data that an attacker is interested in, but a regular user will never be aware of. For example in windows there is a cache of used credentials along with passwords, it is…
Like was said before, you have to attack the decoy to recognize it and that enables catching the attack traffic. Also the mere fact that they recount every single action 10 times over before acting is a huge value in…
When you get one alert that you realize isn't false and has the forensic data tied to it, you can use it as a harness against the loads of information from all the other sensors (firewall, endpoints, sandboxes etc) to…
- What is alerted on (or "attack") is configurable and can range from code being executed (which is the true positive alert) to connecting to ports(which has more noise) - It needs to look like the machine an attacker…
Each decoy is configured to look exactly the way that makes sense for the network it's in. An example is a git server with interesting code or an employees pc that shares files that are crafted to draw attackers to that…
Hi, dean here (Cymmetria CTO). Two great questions: 1. The concept being that from looking at the machine on the network we don't do anything different then regular machines, so the goal is to prevent fingerprinting. 2.…
There are two main advancements beyond "classic" honeypots: 1. Honeypots are easy to fingerprint (see our blackhat talk, https://www.youtube.com/watch?v=Pjvr25lMKSY ) 2. Most honeypots just "sit on the network", waiting…
Any questions, we'd be happy to answer
The trick is to make the breadcrumbs the type of data that an attacker is interested in, but a regular user will never be aware of. For example in windows there is a cache of used credentials along with passwords, it is…
Like was said before, you have to attack the decoy to recognize it and that enables catching the attack traffic. Also the mere fact that they recount every single action 10 times over before acting is a huge value in…
When you get one alert that you realize isn't false and has the forensic data tied to it, you can use it as a harness against the loads of information from all the other sensors (firewall, endpoints, sandboxes etc) to…
- What is alerted on (or "attack") is configurable and can range from code being executed (which is the true positive alert) to connecting to ports(which has more noise) - It needs to look like the machine an attacker…
Each decoy is configured to look exactly the way that makes sense for the network it's in. An example is a git server with interesting code or an employees pc that shares files that are crafted to draw attackers to that…
Hi, dean here (Cymmetria CTO). Two great questions: 1. The concept being that from looking at the machine on the network we don't do anything different then regular machines, so the goal is to prevent fingerprinting. 2.…