Dell Open Sources DCEPT, a Honeypot Tool For Detecting Network Intrusions (helpnetsecurity.com)
An anonymous reader writes: Dell SecureWorks researchers have developed a tool that allows Windows system administrators to detect network intrusion attempts and pinpoint them to the original source (i.e. a compromised endpoint), and have made it available for everybody. The tool is called DCEPT (Domain Controller Enticing Password Tripwire). It consists of:
The DCEPT Generation Server, which creates unique honeytoken credentials for Active Directory (AD), the Windows component used by network administrators to manage accounts, processes, and permissions on devices within their domain.
The DCEPT Agent, which introduces them daily into the memory of each endpoint on the network.
The DCEPT Sniffer, which looks for Kerberos pre-authentication packets destined for the AD domain controller that match the honeytoken username. If it detects one, it alerts the network administrator and points towards the compromised workstation.
DCEPT has been open sourced and is available on GitHub, along with instructions for deployment.
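The three-part design in the summary (per-endpoint honeytoken generation, planting, and a Kerberos pre-auth tripwire) can be modelled in a few lines. The following is an added illustration, not DCEPT's own code; the username derivation, the domain controller address and the packet records are all constructed assumptions. The point it shows is why one unique token per endpoint matters: the username in the AS-REQ names the workstation the credential was harvested from, even when the request arrives from a different host.

```python
import hashlib
from datetime import date

# Assumed lab values for this illustration (not from DCEPT's documentation)
DC_IP = "10.0.0.10"
KRB_PORT = 88
KRB_AS_REQ = 10          # Kerberos msg-type for AS-REQ (RFC 4120)

def honeytoken_username(endpoint: str, day: date, secret: bytes) -> str:
    """Derive a unique, unguessable username for one endpoint on one day.
    Hypothetical derivation: one token per endpoint is what lets the alert
    name the compromised host, even if the credential is replayed elsewhere."""
    material = secret + endpoint.lower().encode() + day.isoformat().encode()
    return "svc_" + hashlib.sha256(material).hexdigest()[:10]

def build_token_index(endpoints, day: date, secret: bytes) -> dict:
    """Map each day's planted username back to the endpoint it was planted on."""
    return {honeytoken_username(e, day, secret): e for e in endpoints}

def tripwire(packets, token_index: dict) -> list:
    """Scan captured packets (constructed dicts here) for Kerberos pre-auth
    requests to the DC whose client principal is a planted honeytoken."""
    alerts = []
    for p in packets:
        if p["dst"] != DC_IP or p["dport"] != KRB_PORT or p["msg_type"] != KRB_AS_REQ:
            continue                      # not a Kerberos AS-REQ to the DC
        user = p["cname"].split("@", 1)[0].lower()
        planted_on = token_index.get(user)
        if planted_on is not None:
            alerts.append({"honeytoken": user, "planted_on": planted_on,
                           "request_from": p["src"]})
    return alerts

def demo() -> list:
    """Constructed run: tokens for two workstations, then three packets."""
    day = date(2016, 3, 24)
    secret = b"constructed-generation-server-secret"
    index = build_token_index(["ws-finance-07", "ws-hr-02"], day, secret)
    stolen = honeytoken_username("ws-finance-07", day, secret)
    packets = [  # constructed traffic: a normal logon, a honeytoken use, LDAP noise
        {"src": "10.0.1.5", "dst": DC_IP, "dport": 88, "msg_type": 10, "cname": "alice@CORP"},
        {"src": "10.0.1.7", "dst": DC_IP, "dport": 88, "msg_type": 10, "cname": stolen + "@CORP"},
        {"src": "10.0.1.7", "dst": DC_IP, "dport": 389, "msg_type": 0, "cname": stolen},
    ]
    return tripwire(packets, index)

if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

The single alert reports the token planted on ws-finance-07 while the request came from 10.0.1.7, which is exactly the pair a responder wants: where the credential was stolen and where it is being used.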
Re: (Score:1)
Hate to break it to you: but you are already running Linux in your business. You just don't know it.
Hate to break it to you, but the CxO doesn't really give a shit beyond their Outlook, Internet Exploder, Exchange, and MS Office toolset.
One could argue that Java runs the world, except that CFOs still think you're talking about a pot of fucking coffee.
And to start the Admin UI you would click on the (Score:5, Funny)
Re: (Score:2)
Megatron, a.k.a. Calvin Johnson, just retired from the NFL. I guess he ran out of Energon.
Tripwire? (Score:3)
Re: (Score:2)
Well that's kind of hurtful...
A Honeypot tool for detecting Windows intrusions (Score:1)
The Year of Open Source on the Planet (Score:2)
Re: (Score:2)
The year of the Linux Desktop was achieved long ago with the success of Android. In 2015 Android controlled 65% of cellular phones in the US, 70% in Europe and similar or higher numbers throughout the rest of the world. Nearly 3/4 of the world's cellular devices are now Linux based.
That success is expanding rapidly in things like Chromebooks which have been in the top 3 sales spots on Amazon for something like 3 years straight.
Linux is here and has been for a long time now, did you miss it? Or are you trying
Snort, Fail2ban, Nagios, Wireshark, Tripwire, etc. (Score:2)
Any IT manager who uses the most compromisable OS on which to base intrusion detection and security tools needs to have hizzerher ass fired. Out of a cannon. Into the sun.
Open source tools like in the title of this post need to run on a hardened Unix/Linux platform.
R&D (Score:2)
Re: (Score:1)
I know I asked this before, but, Dell has an R&D?
Back in the day Dell had their own Sys V Unix.
http://virtuallyfun.supergloba... [superglobalmegacorp.com]
Now.... not so much.