Skip to content

DejaVU - Open Source Deception Framework - V10.0
Compare
Choose a tag to compare
@bhdresh bhdresh released this 05 Jul 17:30
· 99 commits to master since this release
v10.0
c462af9
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Download

Download Preconfigured DejaVu images from here: Camolabs.io

Quick Setup Guide: Link

One of the major advantages of DejaVu V10.0 is - Using a single platform you can deploys decoys across different VLANS and manage, monitor them.

Use Cases

Below are few examples attack vectors using DejaVu platform you can detect:

  • (Attack) : Port Scan/Enumeration

    (Defense) : Fake Services spread out throughout the network

  • (Attack) : Password Spray/ Brute Force Attack

    (Defense) : Deploy multiple common services, attempts on two/more decoys potentially a password spray attempt

  • (Attack) : Attacker targeting low hanging fruits - Tomcat/MSSQL/Jenkins

    (Defense) : Deploy common platforms attackers look for initial foothold

  • (Attack) : Responsder/ LLMNR Poisoning

    (Defense) : NBNS client side decoys to detect MITM attacks

  • (Attack) : Bloodhound/Similar tools to identify attack path

    (Defense) : DNS Records Manipulation and fake servers

  • (Attack) : Lateral Movement - Pass the Hash

    (Defense) : Fake Sessions and Injecting Memory Credentials Tokens

  • (Attack) : Kerberoast attack

    (Defense) : Kerberoasting Service Accounts Honey Tokens

  • (Attack) : Data Ex-filtration

    (Defense) : Honeyfiles to detect ex-filtration occurrences

Architecture

Architecture

  • DejaVu Engine: This is used deploy decoys across your infrastrucure. So let's you have multiple offices, you would depoloy an engine in each.
  • DejaVu Console: A centralized console to view and manager all the alerts from your various engines. Think of this as your dashboard. Engines connect to Console.

Decoy Types

  • Server Decoys

    • MYSQL
    • SNMP
    • Custom HTTP Decoy - You can configure this with a custom HTML template
    • TELNET
    • SMB Server with custom files
    • FTP
    • TFTP
    • Web Server - Tomcat, Apache, Basic Auth
    • SSH Interactive and Non-Interactive
    • SMTP
    • RDP Interactive and Non-Interactive
    • VNC
    • HONEYCOMB (To capture events from Honey Docs)
    • ICS/SCADA Decoys - Modbus and S7COMM

  • Client Decoys

    • NBNS Decoy
    • MITM Decoy
    • SSDP Client
    • Email Client

  • BreadCrumbs

    • Honey Docs
    • HoneyHash - Injects creds into memory
    • Kerberoast Honey Account
Assets 2
Loading