Deploy a decoy pod within an AKS cluster that mimics a legitimate application but contains fake data or triggers alerts upon access. Monitor network traffic and logs associated with this pod to identify attackers attempting to exploit vulnerabilities or gain access to sensitive information.
Category: Defensive
Azure Active Directory (AD) Decoy User Accounts
Create fake user accounts within Azure AD with enticing names or roles (e.g., “admin,” “backup_admin”). Monitor login attempts and activity related to these accounts to identify credential stuffing or brute-force attacks.
Azure Web Application Firewall (WAF) Honeytrap
Configure a decoy Azure WAF with intentionally permissive rules to attract attackers. Monitor traffic hitting this WAF to identify malicious patterns and gather intelligence on attack techniques.
Azure Logic App Honeypot
Deploy a non-functional Azure Logic App that mimics a critical workflow. Monitor any attempts to trigger or interact with this app to detect reconnaissance or attempts to disrupt business processes.
Azure Key Vault Honeytoken
Create a fake Azure Key Vault instance containing decoy secrets and keys. Monitor access to this vault to detect attempts to steal sensitive information.
Spoofed Mail Server
This element involves setting up a fake email server that appears to be legitimate but captures all incoming emails, including phishing attempts or spam.
Rogue FTP/SFTP Server
This element involves setting up a fake file transfer server (FTP or SFTP) that mimics a legitimate one but captures attacker credentials and files, and logs their activities.
Fake Print Jobs
This element involves creating fake print jobs that appear to contain sensitive or confidential information but are actually filled with fabricated data or trigger alerts upon printing.
Fabricated Application Logs
This element involves creating fake entries in the user’s application logs, indicating actions or events that did not actually occur.
Honeyfile Documents
This element involves creating fake office documents (e.g., spreadsheets, presentations, text documents) that appear to contain sensitive or confidential information but are actually filled with fabricated data or trigger alerts upon access.