Title: Intrusion detection using cyber-deception techniques with decoy credentials in Active Directory (original title: Detección de intrusiones empleando técnicas de cyber-deception con credenciales señuelo en Directorio Activo)
Author: Ruiz Mayorga, Luis
Tutor: Lopez Vicario, Jose  
Others: Vilajosana, Xavier  
Abstract: One of the main challenges that the cyberdefense industry faces is the early detection of security incidents to minimize the impact of cyberattacks. The attack techniques used by cybercriminals are becoming increasingly sophisticated, so defense techniques must evolve accordingly. One of the many defensive security solutions is to deceive adversaries by guiding them to decoy networks and hosts (honeypots), which emulate real systems in a controlled environment. Nowadays, these honeypots have evolved towards approaches that focus on the distribution of decoys in real systems, which is known as deception techniques. This master's thesis focuses on a particular deception technique, based on the distribution of decoy credentials on computers in an Active Directory domain using the open source tool DCEPT. This tool implements a unique approach with no alternative in the open source community. The distributed decoy credentials belong to a real user, so they cannot be identified as fake. Likewise, detecting the use of these credentials is completely transparent to the Active Directory environment, since it only requires sniffing the traffic that arrives at the Domain Controllers. Moreover, there is no risk of these credentials being used by attackers, because they are not the correct ones for the real user. Although this approach is appealing, the DCEPT project has not been actively maintained by its developers and has become obsolete. This master's thesis aims to update, complete, and improve this tool to make it useful and accessible to the community so that the project can continue to be developed.
Keywords: cybersecurity
Document type: info:eu-repo/semantics/masterThesis
Issue Date: 5-Jun-2022
Publication license:  
Appears in Collections: Final degree projects, research papers, etc.

Files in This Item:
File | Description | Size | Format
lruizmayTFM0622dcept_server.zip | DCEPT code | 10,64 kB | Unknown
lruizmayTFM0622network_captures.zip | Test traffic captures | 13,78 kB | Unknown
lruizmayTFM0622presentación.pdf | Master's thesis presentation | 1,03 MB | Adobe PDF
lruizmayTFM0622memoria.pdf | Master's thesis report | 1,51 MB | Adobe PDF