Enterprise HoneyPot Project

************ Honeypot Active Directory Security Information **********


The “ShrikeForce Labs” domain runs on Windows 2016

Full Auditing is turned on per recommended guidelines

– Event Log forwarding is enabled

– PowerShell v5 is Enabled + WinRM is Enabled

– LimaCharlie EDR Installed on Servers and Desktops

– Windows Defender is Enabled + Latest Signatures



********* What Makes This Different From Other HoneyPots? **********




Registered small business with the State of California

– Office Space Address is verified (In case APTs are performing deep recon)


Received a Dun & Bradstreet D‑U‑N‑S Number (a unique nine-digit identifier for businesses)

*************** How will you attract APTs/Adversaries? ***************



Registered the small business with LinkedIn

Created Exchange Email Accounts + LinkedIn profiles for “employees” (Think phishing emails)


Configured Weak Passwords on RDP-Enabled Internet Facing Windows Endpoint(s)

Configured Several Other Vulnerable Network Services + Web Services (SQL, FTP, etc.)

Configured Weak Passwords on AD Service Accounts

Fake Business Plans/Documentation/Attractive Documents
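
Added example (not part of the original project description): with event log forwarding enabled and weak passwords set on the RDP-enabled endpoint and AD service accounts, the forwarded Security events can be checked for a source that fails repeatedly and then logs on successfully. The sample events, account names, IP addresses and the find_guessed_logons helper are constructed for illustration; event IDs 4625/4624 and logon types 3/10 are standard Windows values.

```python
from collections import defaultdict

# Constructed sample of forwarded Security-log records (not real data).
# Field names follow Windows events 4625 (failed logon) and 4624 (successful logon).
# Account names and addresses are hypothetical.
def _ev(event_id, time, ip, user, logon_type):
    return {"EventID": event_id, "TimeCreated": time, "IpAddress": ip,
            "TargetUserName": user, "LogonType": logon_type}

SAMPLE_EVENTS = [
    _ev(4624, "2024-01-01T09:00:00", "192.0.2.50", "it.admin", 10),      # clean logon
    _ev(4625, "2024-01-01T10:00:01", "203.0.113.7", "administrator", 3),
    _ev(4625, "2024-01-01T10:00:03", "203.0.113.7", "admin", 3),
    _ev(4625, "2024-01-01T10:00:05", "198.51.100.20", "administrator", 3),
    _ev(4625, "2024-01-01T10:00:06", "203.0.113.7", "svc_sql", 3),
    _ev(4625, "2024-01-01T10:00:08", "203.0.113.7", "svc_sql", 3),
    _ev(4625, "2024-01-01T10:00:09", "198.51.100.20", "guest", 3),
    _ev(4625, "2024-01-01T10:00:10", "-", "jdoe", 2),                    # console, ignored
    _ev(4624, "2024-01-01T10:00:12", "203.0.113.7", "svc_sql", 10),      # guess succeeded
]

REMOTE_LOGON_TYPES = {3, 10}  # 3 = Network (seen with NLA), 10 = RemoteInteractive (RDP)

def find_guessed_logons(events, min_failures=3):
    """Flag a successful remote logon that follows >= min_failures failures from one source."""
    failures = defaultdict(list)   # source IP -> usernames that failed
    alerts = []
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        ip = ev["IpAddress"]
        if ev["LogonType"] not in REMOTE_LOGON_TYPES or ip in ("-", "", "127.0.0.1", "::1"):
            continue
        if ev["EventID"] == 4625:
            failures[ip].append(ev["TargetUserName"])
        elif ev["EventID"] == 4624:
            tried = failures.pop(ip, [])   # a success resets the counter for that source
            if len(tried) >= min_failures:
                alerts.append({"ip": ip, "user": ev["TargetUserName"],
                               "time": ev["TimeCreated"], "failures": len(tried),
                               "accounts_tried": sorted(set(tried))})
    return alerts

if __name__ == "__main__":
    for alert in find_guessed_logons(SAMPLE_EVENTS):
        print(alert)
```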