Misleading attackers with honeypots, honeytokens, and decoys to detect, study, and disrupt intrusions. For a list of open source honeypots, see awesome-honeypots.
- Explain Like I'm Five: Poison Records (2018) (Honeypots for Database Tables). (code) Acra Poison Records.
- Deception Engineering: exploring the use of Windows Service Canaries (2021) against ransomware. (code) KilledProcessCanary.
- Valve used secret memory access “honeypot” (2023) to detect 40K Dota 2 cheaters; see the Hacker News discussion on potential implementation techniques.
- Introducing HASH: The HTTP Agnostic Software Honeypot framework (2023) for creating HTTP low-interaction honeypots. (code) HASH.
- Cloud Active Defense (2024): Open-source cloud protection. (code) Cloud Active Defense.
- Thinkst’s It’s Baaack… Credit Card Canarytokens (2024) are now on your Consoles.
- UK’s NCSC on building a nation-scale evidence base (2024) outlines the UK’s goals for large-scale deception deployment.
- LLM Agent Honeypot (2024-2025) - A live experiment tracking AI-assisted attack activity in the wild.
- Wiz’s HoneyBee threat research (2025) covers their open-source honeypot deployment tooling for misconfiguration and exploitation detection.
- GreyNoise on deploying MCP honeypots (2025) shares results from observing MCP exploitation attempts.
- Building a Military Honeypot (2025) - Penn State’s effort to build deceptive camera and network environments for military use.
- Deel/Rippling lawsuit (2025) - A public case where an insider was detected via a honeypot Slack channel.
- Grafana’s security update on a GitHub workflow issue (2025) includes notes on deploying thousands of canaries.
- AWS on improving active defense to empower customers (2025) covers its large-scale honeypot system.
- Grafana’s canary tokens “unsung heroes” write-up (2025) shares ROI and lessons learned.
- watchTowr Labs on Canary Credentials in the wild (2025) highlights credential leakage via online tooling.
- UK’s NCSC on cyber deception trials (2025) shares early findings from UK-wide product trials.
- SpecterOps on mapping deception with BloodHound OpenGraph (2025) details how to model deception coverage in BloodHound.
- Resecurity on synthetic data for cyber deception and honeypots (2025) explores synthetic data to improve honeypot realism.
- Forescout on a hacktivist attack targeting OT/ICS (2025) analyzes the incident, including honeypot use and defensive takeaways.
- UpGuard on preventing supply chain attacks with honeytokens (2025).
- Demystifying Deception Technology: A Survey (2018) - Survey of deception taxonomies, deployment models, and evaluation gaps.
- Deception Techniques in Computer Security: A Research Perspective (2019) - Broad survey of deception methods and research directions.
- The Tularosa Study: An Experimental Design and Implementation to Quantify the Effectiveness of Cyber Deception (2019) - HICSS study with 130+ red teamers, manipulating deception presence and awareness while tracking cognitive and physiological effects.
- When Announcing Deception Technology Can Change Attacker Decisions (2024) - Study on how disclosure of deception influences attacker behavior.
- Prospect Theoretic Hypothesis Testing-based Cyber Deception (2025) - Study on using prospect theory to shape deception during reconnaissance.
- Towards bio-inspired cyber-deception: a case study of SSH and Telnet honeypots (2025) - Evaluates bio-inspired deception strategies in Cowrie SSH/Telnet honeypots.
- Koney: A Cyber Deception Orchestration Framework for Kubernetes (2025) - Orchestrates deception assets across Kubernetes clusters.
- Applying game theory to deception (2025) - Models attacker-defender dynamics using game-theoretic approaches.
- Database Deception using Large Language Models (2025) - Applies LLMs to create deceptive database artifacts.
- A Descriptive Model for Modelling Attacker Decision-Making in Cyber-Deception (2025) - Proposes a model of attacker engagement decisions under deception cues.
- Agentic AI for Cyber Resilience: A New Security Paradigm and Its System-Theoretic Foundations (2025) - Argues for agentic resilience with cyber deception case studies.
- SoK: Honeypots & LLMs, More Than the Sum of Their Parts? (2025) - Systematizes LLM-powered honeypot research and evaluation trends.
- HoneyTrap: Deceiving Large Language Model Attackers to Honeypot Traps with Resilient Multi-Agent Defense (2026) - Proposes a deceptive LLM defense framework with multi-agent coordination, plus a progressive jailbreak dataset and new metrics for measuring misdirection and attacker cost.
- Measuring the Efficacy of Cyber Deception (2026) - Examines how to measure cyber deception effectiveness by reviewing existing evaluation approaches and proposing new metrics and frameworks to assess deceptive tactics in modern, AI-augmented threat environments.
- Q-Cowrie: Reinforcement Learning for Adaptive Honeypot Deception (2026) - Presents “Q-Cowrie,” a reinforcement learning-enhanced Cowrie honeypot that models attacker decisions with an MDP and adapts responses during attacker interaction.
- Deception and Detection: Why Artificial Intelligence Empowers Cyber Defense over Offense (2026) - Argues that AI automation benefits cyber defense more than offense, widening an offense-defense automation gap as stakes increase.
- Evaluating Deception and Moving Target Defense with Network Attack Simulation
- Honeyquest
- Knocking on Admin’s Door: Protecting Critical Web Applications with Deception
- SCANTRAP: Protecting Content Management Systems from Vulnerability Scanners with Cyber Deception and Obfuscation
- Birding Guide - Detect attackers without breaking the bank
- Taxonomy and terminology - Terminology and definitions for cyber deception.
- The “AI Vulnerability Storm”: Building a “Mythos-ready” Security Program (2026) - CSA strategy briefing that flags deception as a priority in AI-driven vulnerability discovery and response programs.
- Deception & Operations Planning Frameworks (2025) - ShmooCon talk on a physical deception operation.
- Applying Deception to the Attack Lifecycle (2025) - Tim Pappa and Skylar Simmons (Walmart) on using deception across the attacker journey.
- Sweet Deception: Mastering AWS Honey Tokens to Detect and Outsmart Attackers (2025) - Nick Frichette.
- Continuous Integration / Continuous Deception: Trying my luck as a malicious maintainer (2025) - Benedikt Haußner.
- Turning The Tables: Using Cyber Deception To Hunt Phishers At Scale (2024) - BSides Exeter.
- Counter Deception: Defending Yourself in a World Full of Lies (2024) - DEF CON 32, Tom Cross and Greg Conti.
- Mirage: Cyber Deception Against Autonomous Cyber Attacks (2024) - Black Hat USA 2024, Ron Alford and Michael Kouremetis.
- Active Defense & Deception (AD&D) - Active conference, most recent event in 2025.
- Honeynet Workshops - Active conference, most recent event in 2025.
- /r/cyber_deception - Subreddit dedicated to cyber deception.
- The Honeynet Project - Non-profit organization researching deception and honeynet technologies.
- MITRE Engage™ - Adversary engagement framework, with a data repository.
- MITRE D3FEND™ - Defensive cybersecurity countermeasures knowledge graph, with software repositories.
- Deception-as-Detection - Deception planning mapped against the MITRE ATT&CK matrix.
This repository started as a fork of emilyanncr/awesome-deception, which itself was forked from tolgadevsec/Awesome-Deception; it aims to be a more regularly updated awesome deception list.