Honey Files
Information Security
Blue Team Tactics: Honey Tokens Pt. III
The final installment of the honey tokens series, covering multiple methods to centralize Windows Event ID 4663 audit logs including PowerShell, WEF, Splunk Universal Forwarders, and Splunk search queries.
Automation
Blue Team Tactics: Honey Tokens Pt. II
Part two of the honey tokens series covering PowerShell-based token deployment, validating audit ACL settings, and testing adversary interaction detection via PowerShell remoting, RDP, and Meterpreter process injection.