home.social

#honeytoken — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #honeytoken, aggregated by home.social.

  1. Did someone already set up a honeypot with valid .env credentials and honeytokens?

    I'm really curious about a specific IP (78[.]153[.]140[.]171) which is hammering a shitload of virtual hosts with different .env paths.

    I'd love to understand where these credentials are actually being used later on.

    #honeytoken #honeypot #cybersecurity

  2. Do you use honeytoken accounts or devices in your organization?

    #Honeytoken #accounts are accounts that serve as bait for a threat actor. From an organization's perspective, these are standard accounts, usually equivalent to a regular employee's account. The only difference is that no one uses these accounts.

    Honeytoken accounts can also be configured in Microsoft Defender for Identity (#MDI). Any activity on such an account is then immediately reported as an incident in Microsoft 365 Defender. In addition to user accounts, it is also possible to add honeytoken devices with a similar principle.