Forum Discussion
bluecole
Feb 13, 2025 · Copper Contributor
Defender Deception Advance Lures - verification
Hello everyone, I'm looking to deploy defender deception in our environment. I've successfully tested and verified the basic lures, but I'm having trouble with the advanced lures/decoys. Specificall...
luchete
Feb 27, 2025 · Steel Contributor
Hi bluecole,
You’re on the right track with testing the basic lures. For the advanced lures and account-planted cached credentials, they might not show up in LSASS directly. Instead, you may need to check other areas like the Local Security Authority or registry keys, which might store cached credentials.
From an attacker’s perspective, I guess discovering these decoys would typically involve searching for unusual accounts or attempting to interact with services that aren’t normally used in the environment. However, if Defender is set up correctly, these lures should remain hidden unless actively targeted by the attacker.
Hope this helps!