Deploy a fake SSH server that mimics a legitimate one but presents an interactive shell environment with fabricated system information and files. This can be used to engage attackers, gather information about their skills and intentions, and waste their time.
Category: Defensive
Deceptive Web Application with Fake Login Form
Create a decoy web application that mimics a legitimate login page but captures attacker credentials and redirects them to a controlled environment. This can be used to identify attackers, gather information about their targets, and prevent them from accessing real systems.
Fake Network Service with Unexpected Protocol Behavior
Deploy a network service that mimics a legitimate one but responds to requests with unexpected or non-compliant protocol behavior. This can be used to confuse attackers, trigger vulnerabilities in their tools, or gather information about their scanning techniques.
Deceptive HTTP Response with Delayed Content
Craft a web server that responds to HTTP requests with a delayed response body. This can be used to frustrate attackers, slow down automated tools, or identify attackers who are actively monitoring network traffic.
Fake API Gateway
Deploy a decoy API gateway that mimics a legitimate one but intercepts requests and returns fabricated or manipulated responses. This can be used to mislead attackers, disrupt their tools, or gather information about their intentions.
Google Cloud Functions Honeypot
Deploy a decoy Google Cloud Function that appears to perform a sensitive operation (e.g., accessing a database, processing payment information) but, in reality, only logs invocation attempts and attacker-supplied data.
Deceptive OAuth 2.0 Consent Screen
Craft a fake OAuth 2.0 consent screen that mimics a legitimate Google service but requests excessive or unusual permissions. Monitor interactions with this screen to identify attackers attempting to trick users into granting unauthorized access.
Fake Google Workspace Shared Drive with “Confidential” Documents
Create a decoy Google Workspace Shared Drive containing fabricated documents with names suggesting sensitive information (e.g., “Financial Projections,” “Customer Database”). Monitor access and download activity to identify attackers attempting to exfiltrate data.
Fake Google Cloud Service Accounts with High Permissions
Create decoy service accounts with names suggesting elevated privileges (e.g., “deployment-admin,” “database-owner”) but with restricted access. Monitor any attempts to utilize these accounts, which could indicate an attacker attempting privilege escalation or lateral movement.
Azure Storage Account with Honeyfiles
Create a decoy Azure Storage Account containing fabricated files that appear to be valuable or sensitive. Monitor access patterns and download attempts to identify attackers seeking to exfiltrate data or gain unauthorized access.