
Dell develops open-source honeypot

March 8, 2016

Dell SecureWorks researchers created an open source honeypot to help network administrators catch and monitor attackers.

The tool is called DCEPT (Domain Controller Enticing Password Tripwire) and is a tripwire-style intrusion detection system for Active Directory (AD), Dell security researchers Joe Stewart and James Bettke said in a March 2 blog post.

The detection system is based on honeytokens, pieces of information that reveal an attack is taking place when they are accessed or used. Because each token is tied to the endpoint it was planted on, the system can detect privilege escalation attempts and identify which computer the honeytoken was stolen from.

“The DCEPT tool consists of three parts: an agent that puts a honeytoken domain administrator password into memory on endpoints, a network service that generates unique honeytokens at the request of an agent, and a sniffer service that looks at network traffic for signs that the honeytoken password is being sent in an authentication request,” researchers said.
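The three-part design quoted above can be modelled in a few dozen lines. The following is an added illustration written for this article, not DCEPT's own code (which is published on GitHub): a token service that issues one unique decoy password per endpoint and remembers the mapping, and a detector that checks observed authentication attempts against that registry and, on a hit, reports which endpoint the token was planted on and where the attempt came from. The real sniffer parses authentication requests off the wire; here the attempts are constructed, simplified event dictionaries with a plaintext `password` field, and the hostnames, IP addresses and account names are invented sample values.

```python
"""Minimal honeytoken tripwire model (illustrative, not the DCEPT implementation)."""
import secrets
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional


@dataclass
class HoneytokenService:
    """Stand-in for the network service: hands out a fresh decoy password
    per endpoint and records which endpoint received it."""
    issued: Dict[str, str] = field(default_factory=dict)  # decoy password -> endpoint

    def issue(self, endpoint: str) -> str:
        # A long random value: it must never collide with a real password and
        # must be unique per endpoint so a hit can be traced back to one host.
        token = secrets.token_urlsafe(24)
        self.issued[token] = endpoint
        return token

    def lookup(self, password: str) -> Optional[str]:
        """Return the endpoint a decoy was planted on, or None if not a decoy."""
        return self.issued.get(password)


@dataclass
class Alert:
    planted_on: str      # endpoint the decoy was planted on (where it was stolen from)
    attempt_from: str    # source address of the authentication attempt
    account: str         # account name used in the attempt


def detect(service: HoneytokenService, auth_events: Iterable[dict]) -> List[Alert]:
    """Stand-in for the sniffer: any authentication attempt that presents a
    decoy password is, by construction, an attacker replaying stolen data."""
    alerts: List[Alert] = []
    for event in auth_events:
        origin = service.lookup(event["password"])
        if origin is not None:
            alerts.append(Alert(origin, event["src"], event["account"]))
    return alerts


def run_demo() -> List[Alert]:
    """Plant decoys on two endpoints, then feed a constructed event stream."""
    service = HoneytokenService()
    decoy_ws07 = service.issue("WS-07")
    service.issue("WS-12")  # planted but never used in this sample

    # Constructed sample events: one legitimate login, one replay of the
    # decoy taken from WS-07 by a host at 10.0.0.99.
    events = [
        {"src": "10.0.0.21", "account": "alice", "password": "not-a-decoy"},
        {"src": "10.0.0.99", "account": "Administrator", "password": decoy_ws07},
    ]
    return detect(service, events)


if __name__ == "__main__":
    for alert in run_demo():
        print(f"ALERT: decoy planted on {alert.planted_on} used from "
              f"{alert.attempt_from} as {alert.account}")
```

Two properties of the design are worth noting. The decoy is the only copy of that string anywhere, so a single match is a high-confidence signal with no tuning threshold; and because every endpoint gets a different token, the alert carries the compromised host's identity for free, which is exactly the triage information an incident responder wants first.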

DCEPT can be downloaded from GitHub. 
