Offensive Countermeasures: The Art of Active Defense
A tarpit is a service that intentionally slows down a connection. If you detect an SSH brute-force attempt, you redirect the attacker to a tarpit that accepts their password hash but takes 5 minutes to respond. One attacker connection can be tied up for days, burning their compute resources (cloud costs) and patience.
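The detect-then-redirect step above, as an added example that is not taken from the book or from this page: it counts failed sshd logins per source over a sliding window and builds iptables rules that send flagged sources to a tarpit. The log layout with ISO timestamps, the threshold and window values, and a tarpit listening on local port 2222 are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines (ISO timestamps, documentation-range IPs); not real traffic.
SAMPLE_LOG = """\
2025-01-10T03:00:01 gw sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
2025-01-10T03:00:03 gw sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
2025-01-10T03:00:04 gw sshd[813]: Failed password for alice from 198.51.100.9 port 51000 ssh2
2025-01-10T03:00:05 gw sshd[814]: Failed password for invalid user x from 192.0.2.1 port 1 ssh2 from 203.0.113.7 port 40114 ssh2
2025-01-10T03:00:09 gw sshd[815]: Failed password for root from 203.0.113.7 port 40115 ssh2
2025-01-10T03:00:12 gw sshd[816]: Accepted password for alice from 198.51.100.9 port 51001 ssh2
2025-01-10T03:00:15 gw sshd[817]: Failed password for root from 203.0.113.7 port 40116 ssh2
2025-01-10T03:09:00 gw sshd[818]: Failed password for bob from 198.51.100.9 port 51002 ssh2
"""

# The username is attacker-controlled, so match it greedily and anchor on the end of
# the line: only the final "from <ip> port <n> ssh2" is written by sshd itself.
FAILED = re.compile(r"^(\S+) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")

def brute_force_sources(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return IPv4 sources with >= threshold failed logins inside one window.
    Assumes the log lines are in chronological order."""
    recent = defaultdict(deque)
    flagged = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.IPv4Address(m.group(2)))
        except ValueError:
            continue  # never let a malformed address reach a firewall rule
        ts = datetime.fromisoformat(m.group(1))
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged.append(ip)
    return flagged

def redirect_rules(ips, tarpit_port=2222):
    """Build iptables NAT rules that send each source's port-22 traffic to the tarpit."""
    return [f"iptables -t nat -A PREROUTING -s {ip} -p tcp --dport 22 "
            f"-j REDIRECT --to-ports {tarpit_port}" for ip in ips]
```

The fourth sample line carries a username crafted to look like a second source address; the end-anchored pattern attributes the failure to the real peer, so a third party cannot be framed into the tarpit through the log.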
You need more than one honeypot. Use tools like Modern Honey Network (MHN) or Canary Tokens.
Attackers have the advantage of time and initiative. They only need to be right once; defenders need to be right every time. The book flips this dynamic. By deploying active defenses, you force the attacker to be right every single step of the way. One mistake by the attacker (tripping a tripwire, touching a honeytoken) alerts the defense.