#1 modi123_1

[link] Dell open sources DCEPT, a honeypot tool

Posted 09 March 2016 - 08:59 AM

https://www.helpnets...ork-intrusions/
https://github.com/secureworks/dcept
https://docs.docker....e/installation/

Got a hanker'n for some network security and administrator fun? Dell just dropped out a honey pot to use.

Quote

The tool is called DCEPT (Domain Controller Enticing Password Tripwire). It consists of:

  • The DCEPT Generation Server, which creates unique honeytoken credentials for Active Directory (AD), the Windows component used by network administrators to manage accounts, processes, and permissions on devices within their domain.
  • The DCEPT Agent, which introduces them daily into the memory of each endpoint on the network.
  • The DCEPT Sniffer, which looks for Kerberos pre-authentication packets destined for the AD domain controller that match the honeytoken username. If it detects one, it alerts the network administrator and points towards the compromised workstation.


Anyone have plans to tinker with this on the weekend? ha!
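
The tripwire idea in the quoted description, sketched as an added example (not part of the original post and not DCEPT's own code): each endpoint gets a unique decoy username, so a pre-authentication attempt using that name identifies the workstation it was taken from. The HMAC naming scheme, the `svc-` prefix, the host names and the event record layout are all assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: generation-server secret, not from DCEPT


def issue_honeytokens(endpoints, day, secret=SECRET):
    """Return {decoy_username: endpoint}: one unique decoy name per endpoint per day."""
    tokens = {}
    for host in endpoints:
        tag = hmac.new(secret, f"{host}|{day}".encode(), hashlib.sha256).hexdigest()[:8]
        tokens[f"svc-{tag}"] = host
    return tokens


def normalise(cname):
    """Observed principal names may carry a realm suffix and differ in case."""
    return cname.split("@", 1)[0].strip().lower()


def detect(events, tokens):
    """Match usernames seen in pre-authentication requests against issued decoys."""
    alerts = []
    for ev in events:
        user = normalise(ev["cname"])
        host = tokens.get(user)
        if host is not None:
            # seeded_on is where the credential was planted; used_from is who replayed it
            alerts.append({"time": ev["time"], "username": user,
                           "seeded_on": host, "used_from": ev["src"]})
    return alerts


def demo():
    tokens = issue_honeytokens(["WS-014", "WS-027"], "2016-03-09")
    decoy = next(u for u, h in tokens.items() if h == "WS-027")
    events = [  # constructed sample of sniffed pre-authentication requests
        {"time": "10:02:11", "src": "10.0.5.14", "cname": "alice"},
        {"time": "10:02:40", "src": "10.0.5.99", "cname": decoy.upper() + "@CORP.EXAMPLE"},
        {"time": "10:03:05", "src": "10.0.5.27", "cname": "bob@CORP.EXAMPLE"},
    ]
    return detect(events, tokens)


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

Because the decoy name is unique per endpoint, the alert names the workstation where the credential was planted even though the request came from a different address.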
