Using Breadcrumbs β
Breadcrumbs are a powerful way to lure attackers toward your honeypots, keeping them away from your real systems and data. They act as decoys, mimicking valuable information that attackers often seek, such as credentials, network connections, or shares.
The information provided by breadcrumbs is fake and strategically placed in locations attackers are likely to explore. When an attacker interacts with a breadcrumb, they believe theyβve found something useful β but in reality, they are being guided directly to your Trapster instance. This triggers alerts faster and reduces the time they spend on your actual network.
How Breadcrumbs Work β
- Breadcrumbs can be configured as profiles or entries across various network services.
- Each breadcrumb is assigned a unique username and password pair, designed to look like legitimate credentials.
- These fake credentials are stored securely in your Trapster dashboard until you choose to delete them.
- Trapster never uses or exposes your real credentials.
Whenever an attacker attempts to use a fake credential:
- Trapster immediately detects the attempt.
- A breadcrumb alert is generated.
- You are notified of the exact machine and service the attacker tried to access, thanks to the note associated with each breadcrumb.
Managing Breadcrumbs β
Trapster simplifies the creation and management of breadcrumbs directly from your dashboard. You can:
- Generate new breadcrumbs automatically
- Store and track breadcrumb data securely
- Receive detailed alerts when breadcrumbs are triggered