Goal: Expose attackers attempting to enumerate or exploit group memberships and gather information about their activities.
Approach: Creating fake user groups or assigning users to deceptive groups to monitor unauthorized access attempts.
Create fake user groups with enticing names or privileges, or assign honeytoken accounts to legitimate groups to lure attackers and monitor their attempts to exploit group memberships.