Play the Active Directory Honeypot Evasion Game
and Help Save the Elephants!
Active Directory Honeypot Framework
Attacks against Active Directory are notoriously difficult to detect and, at the same time, extremely dangerous, because security measures are often heavily focused on attacks from outside the organization.
Our Active Directory Honeypot Framework is a project to improve the security of the Active Directory (AD) environment by generating fake users (honeyusers) that provide early warning capabilities of attacks coming from inside the organization.
We created a machine learning method to generate honeyusers that are placed in the real Active Directory (AD) environment. As with any honeypot technology, the success of these honeyusers depends heavily on their positioning and on whether attackers select them. To maximize the probability of detecting attackers, it’s important that:
The placement of the honeypot does not reveal its true nature
The placement of the honeypot encourages the attacker to interact with it
Our method maximizes the probability that an attacker will choose the honeyusers instead of real targets.
But we need your help to have a good evaluation. Help us by playing as an attacker against our honeypots.
Play the Active Directory Evasion Game
In this game, you play the role of an attacker performing Active Directory (AD) reconnaissance against a Windows server at a real IP address. You will be presented with the Active Directory environment of a small-to-medium-sized organization.
The game asks you three questions. In each one, you are presented with an objective and your task is to select a user account which you believe should be further compromised to fulfil the objective.
You start with an initial budget of 3 USD in real money. Every time you answer a question with an account that is a honeyuser, or an account that is unable to fulfil the objective, you lose 1 USD.
After you finish the third question, the remainder of your budget will be donated to the Save the Elephants Fund.
You can use any tool you like, such as ldap-utils, adexplorer, jxplorer, or others.
The estimated time for the game is 30 minutes. Please report any problems, questions or issues to lukasond@fel.cvut.cz.
Thanks!
Please do not attack vulnerabilities in the AD server; only query it to gain information about the structure.