| Environment | Decoys | Threats detected |
| --- | --- | --- |
| On-Premises | Decoy servers, databases, file shares built from your actual terrain | Lateral movement, insider threats, privilege escalation |
| Endpoint | Fake credentials, planted browser passwords, registry breadcrumbs | Account hijacking, credential harvesting, pass-the-hash |
| Network | Decoy services across DNS, TCP, HTTP, SSL, and custom app protocols | Unauthorized reconnaissance, port scanning, lateral movement. Provides early threat detection across the network fabric. |
| Cloud (AWS) | Fake IAM entries, decoy storage buckets, cloud-native trap resources | Cloud credential abuse, cloud-native lateral movement |
| OT / ICS | Decoy ICS devices running industrial protocols (Modbus, DNP3, etc.) | Recon against industrial control systems and SCADA |
| Active Directory | Fake accounts, fake service principals, honeytokens inside AD | AD enumeration, Kerberoasting, credential theft at recon stage |