back to article Dell offers sweet, sweet, free honeypot tool to trap hungry hackers

Dell SecureWorks duo Joe Stewart and James Bettke have created a free honeypot loaded with fake domain credentials in a bid to help admins trap and block attackers. The researchers built the Domain Controller Enticing Password Tripwire (DCEPT) tool designed to help organisations unmask hackers and shore up defences ahead of …

  1. Candy

    If this works as advertised, it will be incredibly useful.

    Honeytokens are going to become a necessity for enterprises using AD. Which is basically everyone. (Cue howling from the 1% that "Never let the Beast of Redmond loose on their iron." News flash: You're an almost insignificant minority. Active Directory is pretty much ubiquitous.)

    For example, in recent versions the telltale signature of Mimikatz has been removed so that, without honeytokens or behavioural analytics, this kind of credential theft is very hard to detect.

    Definitely one to examine and, if it works well, this could become an essential part of the AD security toolbox.

    1. NotBob

      Re: If this works as advertised, it will be incredibly useful.

      I would theorize that the value may be short-lived. It's quite useful, but this seems like it may well trigger an old-fashioned arms race.

      Bets on whether Mimikatz gets updated to encrypt or otherwise hide what it steals?

      1. DaLo

        Re: If this works as advertised, it will be incredibly useful.

        Wouldn't encrypting the token stop it authenticating against AD? They'd have to run a decryption engine on your DC to pass through the token.

    2. David Moore

      Re: If this works as advertised, it will be incredibly useful.

      "Cue howling from the 1% that "Never let the Beast of Redmond loose on their iron." News flash: You're an almost insignificant minority. Active Directory is pretty much ubiquitous."

      Hahahahahahahahahahaaa. Yep. Sure. ;-)

      You MS boys never seem to realise what your tools are based on.... you do know Active Directories history, right?

      Go type LDAP into Google (or Bing if that's where you feel most comfortable).... ;-)

      1. wub

        Re: If this works as advertised, it will be incredibly useful.

        Embrace, extend, extinguish?

      2. Candy

        Re: If this works as advertised, it will be incredibly useful.

        I'm well aware of the provenance of AD's LDAP component. It's delightful that you think that's all it does. It's the additional bits (you say cruft, I say features) that round out AD as the most complete and widely adopted solution.

        And there's the thing. I'm not talking about technical merit, provenance, suitability, functionality or anything else. Just that it needs to be recognised that in almost every enterprise, you will find AD implemented. In most of those cases, it is the base on which the rest of the IAM infrastructure is built.

        I'm willing to bet the exceptions are few and far between. There must be some enterprises using pure LDAP out there. Probably about the same number as those still relying on Banyan Vines or NetWare.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021