TMCnet News
Honeypots Too Easy for Hackers? Javelin Networks Reveals the Distributed Deception Market's Detectable Bread Crumbs that Hackers Find and Avoid

BLACKHAT CONFERENCE-- Javelin Networks today revealed research showing that today's "Distributed Deception" attack defense solutions are too easily discovered and defeated by hackers. These cyber security platforms, described as Honey Tokens, Honey-Bread Crumbs, and Honey Pots, are used to detect cyber attackers who have already breached the network and are moving towards their objectives.

The main idea behind defensive Honey Tokens is to lure attackers, tricking them into thinking they're on the right path to obtaining privileged credentials or spreading through the domain environment. All Honey Tokens/Lures can be studied and easily avoided by the average attacker. With simple validations taking just minutes, attackers can identify objects and avoid the traps. Attackers can validate and avoid Honey Tokens without triggering any alarm and without authentication or lateral movement. This activity can be integrated with Red Team tools such as Empire or Bloodhound, and can enhance the automation of the Red Team hacking process.

"The truth is that cyber attackers, even with minimal knowledge, will too easily detect distributed deception schemes, and shape their attacks to avoid the honey with even the slightest evidence that the deception is fake," said Greg Fitzgerald, COO for Javelin Networks. "The evidence is just too easy to find and this presents an opportunity to improve defenses, and Javelin is here to help."

With its latest research at the BlackHat conference, Javelin Networks (Exhibition Booth 573) has unveiled 7 common Active Directory-related Honey Token objects that Red Teamers encounter.
It leverages LDAP queries to find domain objects and loads a DLL to access the LSASS process for local token gathering (might trigger AVs soon too). Supports all Windows OSes; however, some of the features will not work with Windows Credentials Guard and Windows 10 Creators Update.

For details, visit: http://jblog.javelin-networks.com/blog/the-honeypot-buster/.

About Javelin Networks: More defenders are recognizing the attackers' ease at stealing credentials and moving laterally. The main culprit is Active Directory, the heart of 90% of the world's networks. Active Directory is the key to the network kingdom, giving the attacker access to everything domain connected. Attackers understand that Active Directory is exposing the target environment - by Microsoft's design for an easier-to-manage IT architecture. Javelin Networks can show you a better way.

Contact us: [email protected]
View source version on businesswire.com: http://www.businesswire.com/news/home/20170724006062/en/