Mitre
Honeypots
Honeypot Diaries: SSH Authorized Keys
Analyzing threat actor activity and malware observed in geographically dispersed honeypots.
Automation
Blue Team Tactics: Honey Tokens Pt. I
Part one of a series on deploying honey token files in a Windows enterprise environment, covering GPO-based file system auditing, creating pseudo sensitive files, and configuring audit ACL templates.