Skip to content

Microsoft PowerPoint Honeytoken Enterprise

A Microsoft PowerPoint honeytoken embeds a hidden trigger in a .pptx presentation. Opening the file records the interaction and raises an incident.

Category: File

Configuration

OptionRequiredDescription
NoteYesWhere you placed the honeytoken

After creation

Download the .pptx file from the wizard.

Placement examples

Download the presentation and place it where an attacker might browse:

  • A shared project folder or meeting archive on a network drive
  • A cloud storage path like SharePoint > Projects > Internal
  • Backup slides or decks stored in restricted shares

Rename the file if appropriate (e.g. board_deck.pptx, strategy_2026.pptx). When someone opens the file, you receive an incident.