Dell develops open-source honeypot

Dell offers open-source honeypot on GitHub to help network administrators.

Dell SecureWorks researchers created an open-source honeypot to help network administrators catch and monitor attackers.

The tool is called DCEPT (Domain Controller Enticing Password Tripwire) and is a tripwire-style intrusion detection system for Active Directory (AD), Dell security researchers Joe Stewart and James Bettke said in a March 2 blog post.

The detection system is based on honeytokens - pieces of information that reveal an attack is taking place when they are accessed or used - and can detect privilege escalation attempts and identify which computer the honeytoken was stolen from.

“The DCEPT tool consists of three parts: an agent that puts a honeytoken domain administrator password into memory on endpoints, a network service that generates unique honeytokens at the request of an agent, and a sniffer service that looks at network traffic for signs that the honeytoken password is being sent in an authentication request,” researchers said.

DCEPT can be downloaded from GitHub. 
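The three-part design the researchers describe can be sketched as follows. This is an added example, not DCEPT's code: the decoy account name, hostnames, addresses and the HMAC-based proof format are constructed assumptions, and placing the token into endpoint memory is not modelled.

```python
import hashlib, hmac, secrets
from datetime import datetime, timezone

HONEY_USER = "svc-admin-backup"  # hypothetical decoy account name

class TokenService:
    """Generation service: issues one unique honeytoken password per endpoint."""
    def __init__(self):
        self.issued = {}  # password -> (hostname, issue time)

    def issue(self, hostname):
        password = secrets.token_urlsafe(12)
        self.issued[password] = (hostname, datetime.now(timezone.utc))
        return HONEY_USER, password

def proof(password, nonce):
    """Constructed stand-in for an auth protocol's password-derived proof."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 1000)
    return hmac.new(key, nonce, hashlib.sha256).digest()

def inspect(service, request):
    """Sniffer side: return an alert if the request uses an issued honeytoken."""
    if request["user"].lower() != HONEY_USER:
        return None  # ordinary account, not our concern
    for password, (hostname, issued_at) in service.issued.items():
        if hmac.compare_digest(proof(password, request["nonce"]), request["proof"]):
            # Tokens are unique per endpoint, so a match names the machine it was taken from.
            return {"alert": "honeytoken used", "stolen_from": hostname,
                    "issued_at": issued_at.isoformat(), "seen_from": request["src"]}
    # Decoy account named, but the proof matches no issued token: still worth an alert.
    return {"alert": "honeytoken account probed", "stolen_from": None,
            "issued_at": None, "seen_from": request["src"]}

def demo():
    svc = TokenService()
    tokens = {h: svc.issue(h) for h in ("WS-014", "WS-027", "SRV-DB2")}  # constructed hosts
    nonce = secrets.token_bytes(16)
    _, stolen = tokens["WS-027"]
    requests = [  # constructed authentication requests as the sniffer would see them
        {"user": "alice", "nonce": nonce, "proof": proof("hunter2", nonce), "src": "10.0.0.5"},
        {"user": HONEY_USER, "nonce": nonce, "proof": proof(stolen, nonce), "src": "10.0.0.99"},
        {"user": HONEY_USER, "nonce": nonce, "proof": proof("guess", nonce), "src": "10.0.0.77"},
    ]
    return [inspect(svc, r) for r in requests]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Because no legitimate user ever holds the decoy credential, any match is a high-confidence signal, and the per-endpoint mapping points responders at the machine to examine first.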
