Blue Team Tactics: Honey Tokens Pt. II

This is a multipart blog post, read part one and then continue here. We enabled filesystem auditing, created our audit template, and staged our honey tokens for deployment in part one. In part two, we will deploy the honey tokens and identify various methods for monitoring adversary interaction. Deploying honey tokens using PowerShell (PoSh) I … Read more Blue Team Tactics: Honey Tokens Pt. II

Blue Team Tactics: Honey Tokens Pt. I

If you are defending an enterprise network, you should be using some form of honey token or canary, which is just something you place in your environment that no one should access. If any interaction is detected, it is usually an indicator of unauthorized activity. Using pseudo domain accounts as honey tokens usually illuminate the risk bubble … Read more Blue Team Tactics: Honey Tokens Pt. I