Threat Management, Network Security, Threat Management

Dell develops open-source honeypot


Dell SecureWorks researchers created an open source honeypot to help network administrators catch and monitor attackers.

The tool is called DCEPT (Domain Controller Enticing Password Tripwire) and is a tripwire-style intrusion detection system for Active Directory (AD), Dell security researchers Joe Stewart and James Bettke said in a March 2 blog post.

The detection system is based on honeytokens - pieces of information that reveal an attack is taking place when they are accessed or used - and can detect privilege escalation attempts and identify which computer the honeytoken was stolen from.

“The DCEPT tool consists of three parts: an agent that puts a honeytoken domain administrator password into memory on endpoints, a network service that generates unique honeytokens at the request of an agent, and a sniffer service that looks at network traffic for signs that the honeytoken password is being sent in an authentication request,” researchers said.

DCEPT can be downloaded from GitHub. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.