MITRE ATT&CK technique T1040
Tactic: Credential Access
Platform: Windows, Linux, Mac
- Inject honeytokens such as fake URLs and credentials into the network traffic
- Open network connections to fake systems or network services (i.e. honeypots)
- Beeswarm - It intentionally leaks credentials in the network traffic and then looks for the unexpected reuse of these honey credentials. Beeswarm operates by deploying fake end-user systems (clients) and services (honeypots).