An awesome list of resources on deception-based security with honeypots and honeytokens.
Note: This list will not be further maintained but it will stay available in this repository. Currently, I'm developing plans for a similar but more developer-centered resource with application intrusion detection and response as an overarching theme -> Suggestions and ideas are more than welcome. In the meantime, feel free to send along or suggest suitable deception content you would like to see in this list via pull requests.
- Creating REST API Canary endpoints
- Imposing a Cyber Penalty Against Attackers with Cyber Deception
- Defeating Ransomware by Using Sysmon and PowerShell
- Canaries as Network Motion Sensors
- NGINX honeypot — the easiest and fastest way to block bots!
- Monitor a Honeypot with Azure App Insights
- Dripping a Little Honey in your Environment
- Trapdoor - The serverless HTTP honeypot
- yesman--Scanner Honeypot with scapy
- Deploy and monitor Azure Key Vault honeytokens with Azure Sentinel (Public preview)
- Honeypot Journals: Credential Attacks and Lessons from Recent Honeynet Incursions
- Honeypot Journals Part II: Attacks on Residential Endpoints
- Deception Engineering: exploring the use of Windows Service Canaries against ransomware
- Ensnare Attack Detection Tool Hopes to Frustrate Hackers, Too
- Honeypots: Good servers in dark alleys can be an enterprise asset
- Extending a Thinkst Canary to become an interactive honeypot
- HoneyPoC: The fallout data after I trolled the Internet...
- Experiments in Extending Thinkst Canary – Part 1
- Using Canaries for Input Detection and Response
- Explain Like I’m Five: Poison Records (Honeypots for Database Tables)
- Not so IDLE hands: FBI program offers companies data protection via deception
- The SunDEW project: learning to pose scalability barriers to attackers
- Honeysploit: Exploiting the Exploiters
- A Tale of Two PoCs or: How I Learned to Stop Worrying and Love the Honeypot
- Honeyroasting. How to detect Kerberoast breaches with honeypots
- Deceiving blue teams using anti-forensic techniques
- Endlessh: an SSH Tarpit
- A Practical Guide to Honeypots
- Learn how to deploy a Honeypot and visualise its data step by step
- Bypassing LLMNR/NBT-NS honeypot
- RDP Honeypotting
- High Interaction Honeypots with Sysdig and Falco
- Detecting Mimikatz Use On Your Network
- Implementing Honeytokens, Honeynets, and Honeytraps With Zero Budget
- Creating and Deploying Honeypots in Kubernetes
- Honeypot deployment on Linux - OpenCanary
- Setting HoneyTraps with ModSecurity: Adding Fake robots.txt Disallow Entries
- Setting HoneyTraps with ModSecurity: Adding Fake HTML Comments
- Detecting Malice with ModSecurity: HoneyTraps
- How Google set a trap for Pwn2Own exploit team
- Build an easy RDP Honeypot with Raspberry PI 3 and observe the infamous attacks as (BlueKeep) CVE-2019–0708
- Building a real-world web honeypot for CVE-2019–6340 (RCE in Drupal core)
- SSH Honey Keys
- Deception as a {Free} Post-Breach Detection Tool
- DevSecOps: Deception in Depth
- How You Can Set up Honeytokens Using Canarytokens to Detect Intrusions
- Gene Spafford: Challenging the Maxim, “No Security Through Obscurity”
- Introduction to HoneyPy & HoneyDB
- Getting Started With HoneyPy — Part 1
- Getting Started With HoneyPy — Part 2
- Getting Started With HoneyPy — Part 3
- Reflections Upon Deception-Based Security Tactics
- Running A SSH Honeypot With Kippo: Let’s Catch Some Script Kiddies
- Cowrie Honeypot Analysis - 24 hours after installing a fresh Cowrie Honeypot on a Digital Ocean node in Singapore. I have data.
- Early Warning Detectors Using AWS Access Keys as Honeytokens
- Introduction to T-Pot - The all in one honeypot
- Unveiling Patchwork – a targeted attack caught with cyber deception
- “Deception as Detection” or Give Deception a Chance?
- Deploy a fake Bitcoin wallet to save your own
- To Honey or not to Honey
- Intrusion Detection Honeypots: Detection through Deception
- Offensive Countermeasures: The Art of Active Defense
- Aggressive Network Self-Defense
- Virtual Honeypots: From Botnet Tracking to Intrusion Detection
- Birding Guide - Detect attackers without breaking the bank
- OWASP AppSensor Guide - Application-Specific Real Time Attack Detection & Response
- A Practical Guide to Honeypots
- 2022
- An Approach to Generate Realistic HTTP Parameters for Application Layer Deception
- Honeyword-based Authentication Techniques for Protecting Passwords: A Survey
- Multi-factor Authentication Mechanism Based on Browser Fingerprinting and Graphical HoneyTokens
- Lethe: Practical Data Breach Detection with Zero Persistent Secret State
- Deceptive directories and “vulnerable” logs: a honeypot study of the LDAP and log4j attack landscape
- 2021
- Examining the Efficacy of Decoy-based and Psychological Cyber Deception
- Lamboozling Attackers: A New Generation of Deception
- Click This, Not That: Extending Web Authentication with Deception
- Angry Birding: Evaluating Application Exceptions as Attack Canaries
- Three Decades of Deception Techniques in Active Cyber Defense - Retrospect and Outlook
- A Comparative Analysis of Honeypots on Different Cloud Platforms
- RIoTPot: a modular hybrid-interaction IoT/OT honeypot
- GOTTA CATCH ’EM ALL: A MULTISTAGE FRAMEWORK FOR HONEYPOT FINGERPRINTING
- 2020
- Honeypots in the age of universal attacks and the Internet of Things
- The Moonraker Study: An Experimental Evaluation of Host-Based Deception
- An Empirical Assessment of the Effectiveness of Deception for Cyber Defense
- An Intelligent Deployment Policy for Deception Resources Based on Reinforcement Learning
- HoneyDetails: A prototype for ensuring patient’s information privacy and thwarting electronic health record threats based on decoys
- Towards systematic honeytoken fingerprinting
- Role-Based Deception in Enterprise Networks
- DodgeTron: Towards Autonomous Cyber Deception Using Dynamic Hybrid Analysis of Malware
- Cyber Deception for Computer and Network Security: Survey and Challenges
- HoneyBug: Personalized Cyber Deception for Web Applications
- Towards Reconstructing Multi-Step Cyber Attacks in Modern Cloud Environments with Tripwires
- HoPLA: a Honeypot Platform to Lure Attackers
- Towards Identifying Human Actions, Intent, and Severity of APT Attacks Applying Deception Techniques - An Experiment
- Lessons Learned from SunDEW: A Self Defense Environment for Web Applications
- 2019
- Honware: A Virtual Honeypot Framework for Capturing CPE and IoT Zero Days
- Deploying a University Honeypot: A case study
- The Art of The Scam: Demystifying Honeypots in Ethereum Smart Contracts
- General-Sum Cyber Deception Games under Partial AttackerValuation Information
- HackIT: A Human-in-the-loop Simulation Tool for Realistic Cyber Deception Experiments
- Deception-As-Defense Framework for Cyber-Physical Systems
- Learning and Planning in Feature Deception Games
- HoneyDOC: An Efficient Honeypot Architecture Enabling All-Round Design
- Using Camouflaged Cyber Simulationsas a Model to Ensure Validity in Cybersecurity Experimentation
- A Survey On Honeypots, Honeynets And Their Applications On Smart Grid
- Analysis of threats on a VoIP Based PBX Honeypot
- Prevalence of IoT Protocols in Telescope and Honeypot Measurements
- Counting Outdated Honeypots: Legal and Useful
- Game Theory for Adaptive Defensive Cyber Deception
- DorkPot: A Honeypot-based Analysis of GoogleDorks
- Buckler:Intrusion Detection and Prevention using Honeypot
- Detect Me If You... Oh Wait.An Internet-Wide View of Self-Revealing Honeypots
- From Cyber-Security Deception To Manipulation and Gratification Through Gamification
- Honeypot boulevard: understanding malicious activity via decoy accounts
- The Tularosa Study: An Experimental Design and Implementation to Quantify the Effectiveness of Cyber Deception
- How deception can change cyber security defences
- VIRTUALIZED INTELLIGENT HONEYPOT AGENT
- Game Theory for Cyber Deception: A Tutorial
- 2018
- Adaptive Containerised Honeypots for Cyber-Incident Monitoring
- Towards an Automatic Generation of Low-Interaction Web Application Honeypots
- Cloxy: A Context-aware Deception-as-a-ServiceReverse Proxy for Web Services
- Deception Techniques in Computer Security: A Research Perspective
- Demystifying Deception Technology:A Survey
- Defending Web Servers with Feints, Distraction and Obfuscation
- Strategic Defense and Attack in Deception Based Network Security
- Bitter Harvest: Systematically Fingerprinting Low- and Medium-interaction Honeypots at Internet Scale
- A SPL Framework for Adaptive Deception-based Defense
- Chaff Bugs: Deterring Attackers by Making Software Buggier
- U-PoT: A Honeypot Framework for UPnP-Based IoT Devices
- HoneyThing: A New Honeypot Design for CPE Devices
- Efficiency and Security of Docker Based Honeypot Systems
- An Application of Jeeves for Honeypot Sanitization
- Cloud security using self-acting spontaneous honeypots
- HONEY POT AS A SERVICE IN CLOUD
- A Survey of Game-Theoretic Approaches to Modeling Honeypots
- Web Deception towards Moving Target Defense
- Mitigating Computer Attacks in a Corporate Network using Honeypots: A Case Study of Ghana Education Service
- Using Reinforcement Learning to Conceal Honeypot Functionality
- 2017
- Lure Box Using Honeytokens for Detecting Cyberattacks
- Adapting Honeypot Configurations to Detect Evolving Exploits
- A New Approach to Detecting Ransomware with Deception
- Active defence through deceptive IPS
- Deception strategies for web application security: application-layer approaches and a testing platform
- Evaluation of Deception-Based Web Attacks Detection
- HoneyIo4: the construction of a virtual, low-interaction IoT Honeypot
- Honey-Copy-A Concept and Prototype of a Generic Honeypot System
- Deception using an SSH honeypot
- Picky Attackers: Quantifying the Role of System Properties on Intruder Behavior
- Weems: An extensible HTTP honeypot
- Understanding Security Flaws of IoT Protocols through Honeypot Technologies
- HONEYPHY: A PHYSICS-AWARE CPS HONEYPOT FRAMEWORK
- Designing a smartphone honeypot system using performance counters
- Enhancing Honeypot Deception Capability Through Network Service Fingerprinting
- Enabling an Anatomic View to Investigate Honeypot Systems: A Survey
- Review on Honeypot Security
- A Virtual Honeypot Framework for Server Configuration Using IDS For Login Authentications
- Automating the Generation of Enticing Text Content for High-Interaction Honeyfiles
- Towards Deployment Strategies for Deception Systems
- Outlier Detection in Secure Shell Honeypot using Particle Swarm Optimization Technique
- Evaluation of Low-Interaction Honeypots on the University Network
- Poster: HoneyBot - A Honeypot for Robotic Systems
- A security approach based on honeypots: Protecting Online Social network from malicious profiles
- 2016
- SSH Honeypot: Building, Deploying and Analysis
- Designing Adaptive Deception Strategies
- Design and Implementation of a Real-Time Honeypot System for the Detection and Prevention of Systems Attacks
- Active defence using an operational technology honeypot
- SIMULATION OF INDUSTRIAL CONTROL SYSTEM FIELD DEVICES FOR CYBER SECURITY
- Deception-Based Game Theoretical Approach to Mitigate DoS Attacks
- MobiPot: Understanding Mobile Telephony Threats with Honeycards
- Gathering threat intelligence through computer network deception
- An improved tarpit for network deception
- Bandits for Cybersecurity: Adaptive Intrusion Detection Using Honeypots
- Honeypot Architectures for IPv6 Networks
- Deceptive Cyber Defense for IIoT
- A Survey on Honeypot Software and Data Analysis
- Goal-driven deception tactics design
- SCADA Honeypots – An In-depth Analysis of Conpot
- Graph-based Forensic Analysis of Web Honeypot
- Poster: Re-thinking the Honeypot for Cyber-Physical Systems
- Characterizing Honeypot-Captured Cyber Attacks: Statistical Framework and Case Study
- Multi-stage Attack Detection and Signature Generation with ICS Honeypots
- 2015
- Deception by Design: Evidence-Based Signaling Games for Network Defense
- Experiences with Honey-Patching in Active Cyber Security Education
- Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses
- Toward an Insider Threat Detection Framework Using Honey Permissions
- Weaving Tangled Webs: Offense, Defense, and Deception in Cyberspace
- Denial and Deception in Cyber Defense
- Fox in the Trap: Thwarting Masqueraders via Automated Decoy Document Deployment
- Hyhoneydv6: A hybrid Honeypot Architecture for IPv6 Networks
- Deception in Dynamic Web Application Honeypots: Case of Glastopf
- IoTPOT: Analysing the Rise of IoT Compromises
- Survey on Security Using Honeypot
- Multi-stage Attack Detection and Signature Generation with ICS Honeypots
- 2014
- Aggressive Web Application Honeypot for Exposing Attacker‟s Identity
- From Patches to Honey-Patches: Lightweight Attacker Misdirection, Deception, and Disinformation
- Changing the game: The art of deceiving sophisticated attackers
- Implementing a CBR Recommender for Honeypot Configuration using jCOLIBRI
- INTERCEPT: High-interaction Server-type Honeypot basedon Live Migration
- Building a Honeypot to Research Cyber-Attack Techniques
- 2013
- Detecting Targeted Attacks by Multilayer Deception
- Improving Security Using Deception
- Bait and Snitch: Defending Computer Systems with Decoys
- Canary Files: Generating Fake Files to Detect Critical Data Loss from Complex Computer Networks
- Honeywords: Making Password-Cracking Detectable
- A Technique for Presenting a Deceptive Dynamic Network Topology
- Self-adaptive SSH Honeypot Model Capable of Reasoning
- Design and Implementation of a Medium Interaction Honeypot
- A Framework for Intrusion Deception on Web Servers
- Patterns and Patter - An Investigation into SSH Activity Using Kippo Honeypots
- A review of dynamic and intelligent honeypots
- 2012
- A Deception Framework for Survivability Against Next Generation Cyber Attacks
- A Security Mechanism for Web Servers Based on Deception
- A Survey: Recent Advances and Future Trends in Honeypot Research
- CAMPUS SECURITY USING HONEYPOT
- Set-up and deployment of a high-interaction honeypot:experiment and lessons learned
- 2011
- DarkNOC: Dashboard for Honeypot Management
- Heat-seeking honeypots: design and experience
- Time-traveling Forensic Analysis of VM-basedHigh-interaction Honeypots
- SCADA Honeynets: The attractiveness of honeypots as critical infrastructure security tools for the detection and analysis of advanced threats
- 2010
- 2009
- 2008
- 2007
- 2006
- Defensive Computer-Security Deception Operations: Processes, Principles and Techniques
- Using deception to hide things from hackers: Processes, principles, and techniques
- Testing and validation of a dynamic honeypot system
- Advanced Honeypot-based Intrusion Detection
- Honeypots: How do you know when you are inside one?
- Lessons learned from the deployment of a high-interaction honeypot
- 2005
- 2004
- 2003
- 2002
- 2001
- 1994
- Origins of Deception Technology with Haroon Meer
- Active Deception as a Methodology for Cybersecurity
- Modelling and Generating Fake Websites for Cyber Deception
- Detecting Reverse Engineering with Canaries
- Lure Box Using Honeytokens for Detecting Cyberattacks
- The smartest way to protect Websites and Web Apps from Attacks
- Sorry Your Princess is in Another Castle: Intrusion Deception to Protect the Web
- Advanced Deception Technology Through Behavioral Biometrics
- Applied Deception Beyond the Honeypot: Moving Past 101
- Honeypots, Deception, and Frankenstein
- Honeypots 2.0: A New ‘Twist’ on Defending Enterprise Networks with Dynamic Deception at Scale
- SANS Webcast: Opening a can of Active Defense and Cyber Deception to confuse and frustrate attackers
- Deceptive Defense: Beyond Honeypots
- Honeypots for Active Defense A Practical Guide to Deploying Honeynets Within the Enterprise
- The matrix has you: Protecting Linux using deception
- Using Honeypots for Network Security Monitoring
- Remote detection of low & medium interaction honeypots
- honeyHoax - A Centralised Honeypot
- Deception for the Cyber Defender: To Err is Human; to Deceive, Divine
- Paravirtualized Honeypot Deployment for the Analysis of Malicious Activity
- Deploying Honeypots To Gather Actionable Threat Intelligence
- Honeypot Your Database
- Forging Trusts for Deception in Active Directory
- HoneyPy & HoneyDB
- Leveraging Deception Techniques for Strong Detection
- Breaking Honeypots for Fun & Profit
- Honeywords - Detectable Password Theft
- IoT Honeypots
- IoTCandyJar: Towards an Intelligent-Interaction Honeypot for IoT Devices
- The KGB, the Computer, and Me (Complete)
- No Budget Threat Intelligence - Tracking Malware Campaigns on the Cheap
- Running a SCADA honeypot
- Visibility, Control, and Containment: Hunting Maturity through Cyber Deception
- Drawing the Foul: Operation of a DDoS Honeypot
- GlastopfNG - A web attack honeypot
- A Framework For Fingerprinting ICS Honeypot
- Building a Better Honeypot Network
- Global Honeypot Trends - Adventures with Kippo!
- Learning How To Smurf With Honeypots
- Powergrid Honeypot
- Stories from a 15 days SMB Honeypot
- Medical Devices: Pwnage and Honeypots
- Honeypots and tokens in modern networks
- Honey(pot) flavored hunt for cyber enemy
- Hey, You Got Your SQL In My Honeypot!
- AT&T ThreatTraq: Passwords in the Honeypot
- Low-Interaction Virtual Honeypot Fingerprinting
- Smart Contract Honeypots for Profit (and probably fun)
- Deceptacon: Wi-Fi Deception < $5
- Application Honeypot Threat Intelligence
- Deploying ICS Honeypots to Deceive and Thwart Adversaries
- Where Do The Phishers Live:Collecting Phishers' Geographic Locations from Honeypots
- PLC for Home Automation and How It Is as Hackable as a Honeypot
- How to Build SPAM Honeypots
- Bring Back the Honeypots
- Vaccination - An Anti-Honeypot Approach
- T-Pot: Automated Honeypot Deployment
- Running a Honeypot | AT&T ThreatTraq Bits
- Ghetto IDS and Honeypots for the Home User
- Honeypot That Can Bite: Reverse Penetration
- Thug: a new low-interaction honeyclient
- Hacking Back: Proactive Threat Intelligence With Honeypots For Active Defense
- Honey Haven: Creating Research HoneyPots In the Cloud
- Lessons Learned from Building and Running MHN the Worlds Largest Crowdsourced Honeynet
- Would You Like Some Honey With That?
- Honey In The Age Of Cyber
- Wolves amongst Sheep - Defeating Targeted Attacks with Deception
- Bringing PWNED To You Interesting Honeypot Trends
- ICS Honeypot Deployment Strategies and Technologies
- Security Onions and Honey Potz
- Cyber Counter Intelligence: An attacker-based approach
- Real Eyes, Realize, Real Lies: Beating Deception Technologies
- Whiteboard Wednesday: Attacker Deception - Honeypots
- The Devil Does Not Exist - The Role of Deception in Cyber
- Bitcoin Honeypots
- Your Active Directory Active Defense ADAD Primer
- Tangled Web: Defense in Deception
- BHIS Webcast: Tracking attackers. Why attribution matters and how to do it
- Active Cyber Network Defense with Denial and Deception
- Traps of Gold
- Live Coding: Python Honeypot
- Building a Web Attacker Dashboard with ModSecurity and BeEF
- OpenCanary: a new Python-based honeypot
- Randori, a low interaction honeypot with a vengeance
- Canarytokens - Honeypots Made Easy
- Coding Live Stream 2: Let's Deploy an SSH Honeypot
- Coding Live Stream 5: Let's Analyze Our Honeypot Traffic With PacketTotal
- Building Honeypots to Monitor DDoS
- Cymmetria: Writing honeypots
- Honeypot project - Kippo Setup and walk-through
- Game of Hacks: The Mother of All Honeypots
- Effortless, Agentless Breach Detection in the Enterprise: Token all the Things!
- Watching the attackers with a web honeypot
- Drupot - A drupal honeypot solution by Glasswall
- HoneyJax (AKA Web Security Monitoring and Intelligence 2.0)
- Honeypots and the evolution of botnets
- Improve DDoS Botnet Tracking With Honeypots
- Ghast04 You Got Your SQL Attacks In My Honeypot
- The Future of Honeypots
- sshesame is an easy to setup fake SSH server / HoneyPot
- Countering the removable device threat with USB honeypots
- Hack Yeah - Simple PHP Honeypot
- Trapping Hacks with Ensnare
- Continuous Security: Monitoring & Active Defense in the Cloud
- DECEPTICON OPSEC to Slow the OSINT
- Getting Started in Cyber Deception
- Messing with Portscans with Honeyports (Cyber Deception)
- Deception Fundamentals
- Deception Modeling Language (DML): Tutorial - Part I
- Deception Modeling Language (DML): Tutorial - Part II
- ShellCon 2018 Keynote - DIY Blue Teaming
- Black Hat USA 1999 - Burglar alarms and Booby Traps
- When the Tables Turn
- Hackers Want Passwords
- Honeytokens: Detecting Attacks to Your Web Apps Using Decoys and Deception
- Web Application Honeypot Threat Intelligence
- Faking a Factory: Creating and Operating a Realistic Honeypot
- Active Defense Web Edition: Web Apps Dripping with Honey!
- Examining the Efficacy of Decoy-based and Psychological Cyber Deception
- Detecting Responder via LLMNR Honey Tasks on User Workstations
- Monitoring Sensitive Windows Commands via CanaryTokens - Deploying Registry Entries via Group Policy
- Combining AD Honey Pot Accounts with Canaries to Detect Password Sprays and Kerberoasting for free!
- Hacker Interrupted: Detecting and Preventing Hackers on Your Website Using Deception