Tips for Deception.

Source: BHIS | EMERGENCY WEBCAST: OK, let's talk about ransomware... With John Strand * According to @strandjs - Deception tech should be a core part of you defense

Awesome mindmap

Shubhan Khichi

Tools - Where to get it?

• CanaryTokens
• tpotce

List

• Canary/Honey documents
• Active Directory
  • Honey accounts[^1][^2] (Detect Password Spraying)[^3]
  • Honey SPN[^4][^5]^6[^7] (Kerberoast Triggers)[^8]

[^1]: Jordan Potti [^2]: Trimarc Security - The Art of the Honeypot Account: Making the Unusual Look Normal [^3]: Trimarc Security - Detecting Password Spraying with Security Event Auditing [^4]: BHIS - Cred Defense Toolkit [^5]: RedSiege - Detecting Kerberoasting

[^7]: TrustedSec - Art of Kerberoast [^8]: Trimarc Security - Detecting Kerberoast Activity

Logging Tips

Tools

• What2Log

Some tips for detecting and preventing Ransomware

Tools

• Sysmon
• Raccine