Forum Discussion
MarshMadness
Jan 23, 2021 Copper Contributor
Any honeytoken program thoughts to share?
I am looking to utilize the MDI honeytoken feature and looking for any suggestions. In terms of enticement or effort to minimize suspicion, here are my initial thoughts but am certainly open to a...
edinili84
Feb 14, 2021 Brass Contributor
MarshMadness You should configure your honeytoken account in the same manner as your other privileged accounts. Same naming convention, same OU, etc. The account should never be used to log on. If assigning domain admin or other privileges, make sure to use long, complex passwords and have mitigation in place or be prepared to respond in the event of any alerts. It depends on the size of your organization and domain, but I would suggest starting with a single account so as to not be overexposed. You have to take into account all of your existing privileged accounts, which, while real and in use, are also targets for attackers and contribute to your attack surface.
- MarshMadness Feb 14, 2021 Copper Contributor
edinili84 TYVM for your input.
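An added example, not part of the thread and not code from Microsoft Defender for Identity: a small audit that checks whether a planned honeytoken account follows the advice in the reply above (same naming convention and OU as the real privileged accounts, never logged on, a single account to start). The account records, the `adm-` naming pattern and all function names are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed records shaped like an AD export; every name and DN is made up.
REAL = [
    {"sam": "adm-jsmith", "dn": "CN=adm-jsmith,OU=Admins,DC=corp,DC=example",
     "last_logon": "2021-02-10", "honeytoken": False},
    {"sam": "adm-kpatel", "dn": "CN=adm-kpatel,OU=Admins,DC=corp,DC=example",
     "last_logon": "2021-02-12", "honeytoken": False},
]
BLENDS_IN = {"sam": "adm-rlopez", "dn": "CN=adm-rlopez,OU=Admins,DC=corp,DC=example",
             "last_logon": None, "honeytoken": True}
STANDS_OUT = {"sam": "honeypot-admin", "dn": "CN=honeypot-admin,OU=Decoys,DC=corp,DC=example",
              "last_logon": "2021-01-30", "honeytoken": True}
NAME_PATTERN = r"adm-[a-z]+"  # assumed naming convention for privileged accounts


def parent_ou(dn):
    """Container part of a DN, lowercased (sample DNs contain no escaped commas)."""
    return dn.split(",", 1)[1].lower()


def audit_honeytokens(accounts, name_pattern=NAME_PATTERN):
    """Return (account, issue) pairs where a honeytoken departs from the advice."""
    real = [a for a in accounts if not a["honeytoken"]]
    honey = [a for a in accounts if a["honeytoken"]]
    findings = []
    if len(honey) > 1:
        findings.append(("*", "count"))  # advice: start with a single account
    # The OU holding most real privileged accounts is where a decoy should live.
    ous = Counter(parent_ou(a["dn"]) for a in real)
    usual_ou = ous.most_common(1)[0][0] if ous else None
    for h in honey:
        if not re.fullmatch(name_pattern, h["sam"]):
            findings.append((h["sam"], "naming"))
        if usual_ou is not None and parent_ou(h["dn"]) != usual_ou:
            findings.append((h["sam"], "ou"))
        if h["last_logon"] is not None:
            findings.append((h["sam"], "logged_on"))  # must never be used to log on
    return findings


if __name__ == "__main__":
    for label, decoy in (("blends in", BLENDS_IN), ("stands out", STANDS_OUT)):
        print(label, audit_honeytokens(REAL + [decoy]))
```

The password-length advice is not checked here because a directory export does not expose it.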