awesome-deception
An awesome collection of articles, papers, conferences, guides, and tools relating to deception in cybersecurity.
https://github.com/tracebit-com/awesome-deception
Articles
- Poison Records - poison-records-demo).
- secret memory access “honeypot”
- Honeypot framework - interaction honeypots. (code) [HASH](https://github.com/DataDog/hash).
- Active Defense - source cloud protection. (code) [Cloud Active Defense](https://github.com/SAP/cloud-active-defense).
- Credit Card Canarytokens
- building a nation-scale evidence base - scale deception deployment.
- LLM Agent Honeypot - 2025) - A live experiment tracking AI-assisted attack activity in the wild.
- HoneyBee threat research - source honeypot deployment tooling for misconfiguration and exploitation detection.
- deploying MCP honeypots
- Building a Military Honeypot - Penn State’s effort to build deceptive camera and network environments for military use.
- Deel/Rippling lawsuit - A public case where an insider was detected via a honeypot Slack channel.
- improving active defense to empower customers - scale honeypot system.
- Canary Credentials in the wild
- cyber deception trials - wide product trials.
- mapping deception with BloodHound OpenGraph
- synthetic data for cyber deception and honeypots
- a hacktivist attack targeting OT/ICS
- preventing supply chain attacks with honeytokens
- a Canadian election-list canary trap
- Practical Package Security: The Unofficial Guide - signal detection, citing Grafana’s canary AWS key alert during a compromised GitHub Action incident.
Communities
- /r/cyber_deception - Subreddit dedicated to cyber deception.
- The Honeynet Project - Non-profit organization researching deception and honeynet technologies.
Conferences
- Active Defense & Deception (AD&D) - Active conference, most recent event in 2026.
- Honeynet Workshops - Active conference, most recent event in 2025.
Footnotes
- emilyanncr/awesome-deception - Deception](https://github.com/tolgadevsec/Awesome-Deception); it aims to be a more regularly updated awesome deception list.
Frameworks
- MITRE Engage™ - Adversary engagement framework, with a [data repository](https://github.com/mitre/engage/tree/main).
- MITRE D3FEND™ - Defensive cybersecurity countermeasures knowledge graph, with [software repositories](https://github.com/d3fend).
- Deception-as-Detection - Deception planning mapped against the MITRE ATT&CK matrix.
Guides
- Birding Guide - Detect attackers without breaking the bank
- Taxonomy and terminology - Terminology and definitions for cyber deception.
- The “AI Vulnerability Storm”: Building a “Mythos-ready” Security Program - CSA strategy briefing that flags deception as a priority in AI-driven vulnerability discovery and response programs.
Podcasts
- EP281: Deceiving Adversaries at Scale with Kevin Conley - Cloud Security Podcast by Google episode on lessons from scaling deception technology at Riot Games.
Research
Papers
- Demystifying Deception Technology: A Survey - Survey of deception taxonomies, deployment models, and evaluation gaps.
- Deception Techniques in Computer Security: A Research Perspective - Broad survey of deception methods and research directions.
- The Tularosa Study: An Experimental Design and Implementation to Quantify the Effectiveness of Cyber Deception - HICSS study with 130+ red teamers, manipulating deception presence and awareness while tracking cognitive and physiological effects.
- When Announcing Deception Technology Can Change Attacker Decisions - Study on how disclosure of deception influences attacker behavior.
- Prospect Theoretic Hypothesis Testing-based Cyber Deception - Study on using prospect theory to shape deception during reconnaissance.
- Towards bio-inspired cyber-deception: a case study of SSH and Telnet honeypots - Evaluates bio-inspired deception strategies in Cowrie SSH/Telnet honeypots.
- Koney: A Cyber Deception Orchestration Framework for Kubernetes - Orchestrates deception assets across Kubernetes clusters.
- Applying game theory to deception - Models attacker-defender dynamics using game-theoretic approaches.
- Database Deception using Large Language Models - Applies LLMs to create deceptive database artifacts.
- A Descriptive Model for Modelling Attacker Decision-Making in Cyber-Deception - Proposes a model of attacker engagement decisions under deception cues.
- Agentic AI for Cyber Resilience: A New Security Paradigm and Its System-Theoretic Foundations - Argues for agentic resilience with cyber deception case studies.
- SoK: Honeypots & LLMs, More Than the Sum of Their Parts? - Systematizes LLM-powered honeypot research and evaluation trends.
- HoneyTrap: Deceiving Large Language Model Attackers to Honeypot Traps with Resilient Multi-Agent Defense - Proposes a deceptive LLM defense framework with multi-agent coordination, plus a progressive jailbreak dataset and new metrics for measuring misdirection and attacker cost.
- Measuring the Efficacy of Cyber Deception - Examines how to measure cyber deception effectiveness by reviewing existing evaluation approaches and proposing new metrics and frameworks to assess deceptive tactics in modern, AI-augmented threat environments.
- Deception and Detection: Why Artificial Intelligence Empowers Cyber Defense over Offense - Argues that AI automation benefits cyber defense more than offense, widening an offense-defense automation gap as stakes increase.
- Q-Cowrie: Reinforcement Learning for Adaptive Honeypot Deception - Presents “Q-Cowrie,” a reinforcement learning-enhanced Cowrie honeypot that models attacker decisions with an MDP and adapts responses during attacker interaction.
- Detecting Offensive Cyber Agents: A Detection-in-Depth Approach - Proposes detection-in-depth for offensive cyber agents, recommending agent honeypots to reveal autonomous attackers’ methods and urging existing honeypot operators to add agent-activity collection.
Talks
- Deception & Operations Planning Frameworks - ShmooCon talk on a physical deception operation.
- Applying Deception to the Attack Lifecycle - Tim Pappa and Skylar Simmons (Walmart) on using deception across the attacker journey.
- Sweet Deception: Mastering AWS Honey Tokens to Detect and Outsmart Attackers - Nick Frichette.
- Continuous Integration / Continuous Deception: Trying my luck as a malicious maintainer - Benedikt Haußner.
- Turning The Tables: Using Cyber Deception To Hunt Phishers At Scale - BSides Exeter.
- Counter Deception: Defending Yourself in a World Full of Lies - DEF CON 32, Tom Cross and Greg Conti.
- Mirage: Cyber Deception Against Autonomous Cyber Attacks - Black Hat USA 2024, Ron Alford and Michael Kouremetis.
Uncategorized
- Discussion on Hacker News
- security update on a GitHub workflow issue
- canary tokens “unsung heroes” write-up
- Engage
- D3FEND
- awesome-honeypots - A thorough and fairly regularly updated list of open source honeypots.