Redefining CyberSecurity

Making Honeypots Useful Again: Identity Security, Deception, and the Art of Detection | A Conversation with Sean Metcalf | Redefining CyberSecurity with Sean Martin

Jul 30, 2025
Sean Metcalf, an Identity Security Architect at TrustedSec and a seasoned speaker at major cybersecurity conferences, dives deep into the innovative use of honeypots in identity security. He explains how these deceptive tools can trap intruders while enhancing detection in Microsoft environments. Metcalf shares practical strategies for using old service accounts as bait and discusses the critical role of naming conventions in creating convincing honeypots. His insights highlight the balance between detection accuracy and the need for robust security measures.
Ask episode
AI Snips
Chapters
Transcript
Episode notes
INSIGHT

Inside The Network The Odds Flip

  • Once attackers are inside they must avoid mistakes because defenders only need one detection.
  • Plant tripwires so attacker missteps become high-fidelity alerts for defenders.
ADVICE

Repurpose Old Service Accounts As Bait

  • Repurpose long-lived service accounts as honeypots rather than creating obvious new accounts.
  • Give them believable SPNs so Kerberoasting attempts expose attacker activity.
ADVICE

Blend Honeypots Into Naming Patterns

  • Make honeypot accounts mimic your org's naming conventions and small quirks to blend in.
  • Avoid template-looking or brand-new artifacts that attackers can instantly spot.
Get the Snipd Podcast app to discover more snips from this episode
Get the app