"All war is based on deception."

Sun Tzu
The Art of War

The Cyber Deception (CyDec) Platform

A toolkit of highly configurable and easily manageable cyber deception capabilities designed to draw adversaries away from your valuable data and identify enemy movement within your environment. Deceive on the network and on the endpoint. Bait the adversary with tempting targets. Confuse the enemy so they make mistakes. All war is based on deception and cyber war is no exception.

Honey Creds

Make the adversary think they found valuable credentials and get alerted to any attempted use.

Honey Files

Seed endpoints with deceptively named phantom files that can trigger alerts on contact.

Honey Pots

Deploy high-fidelity honey pots on the network to entice and confuse an attacker.

Spoofing

Make your systems appear as something else to an attacker fingerprinting your network.

Folder Deceptions

Deceive what an adversary sees inside a folder or just hide it completely.

Alerting and Response

Whether a passive sensor has been tripped or an active attack has been detected, CyDec provides you the information and tools to respond.

"Though fraud in other activities be detestable, in the management of war it is laudable and glorious..."

Niccolo Machiavelli
Discourses, 1517

Confuse The Adversary

The deception capabilities available with The CyDec Platform are both passive and active. The passive capabilities lie in wait until acted upon while the active capabilities dynamically project false information designed to confuse and deceive.


The actual Windows 10 system shown in the top Nmap OS scan without CyDec running and then performing the same scan again with CyDec Nmap OS spoofing enabled. This time it shows up as a Nintendo 3DS.

CyDec's anti-fingerprinting technology can deceive a variety of tools to include:

  • Nmap
  • GFI LanGuard
  • Nessus
  • p0f
  • Xprobe2

CyDec spoofing and honey pots support a range of protocols including:

  • Ethernet Type II
  • IPv4 and IPv6
  • ICMP
  • TCP
  • UDP
  • DHCP
  • SMB
  • HTTP

CyDec provides the ability to bait attackers on the endpoint into using bogus resources or to trick them to think the system contains nothing of value.

  • Honey credentials
  • Honey files
  • Folder deceptions

"Always mystify, mislead, and surprise the enemy..."

Lieutenant General 'Stonewall' Jackson
1862

Powerful and Customizable Alerting

CyDec doesn't stop at just tricking an attacker. It also provides powerful alerting and remediation mechanisms designed to stop an attack.

CyDec can identify techniques used by attackers for reconnaissance and lateral movement.

  • Port scans
  • OS fingerprinting
  • Suspicious SMB activity

CyDec can also be configured to respond to threats automatically.

  • Generate human or machine-readable alerts
  • Isolate system at the endpoint or the perimeter

"In his movements the general should ... feint in one direction to try to deceive his adversary."

The Emperor Maurice
The Strategikon, c. 600 AD

Why Deception?

When properly applied, cyber deceptions are formidable tools that can be used to identify attacks, highlight adversary movement and protect your valuable information. Deceptions create uncertainity for an attacker which will lead to costly mistakes and more resources expended.

Heilig Defense's Cyber Deception Platform provides powerful, yet easy-to-use, deception capabilities packaged in a customizable platform to meet your specific requirements.

Contact Us

Try CyDec Platform

You can try a little cyber deception yourself. Available for free download is the Nmap OS spoofing capability as shown in the video above as well as anti-fingerprinting browser extensions. These are just a small piece of the full platform designed to demonstate the power of deception and the CyDec Platform.

v4.2018.66.8245 - 8 March 2018
CyDec Nmap OS Spoofer (Windows x86)
CyDec Nmap OS Spoofer (Windows x64)

Browser Extensions
Chrome Extension
Firefox Extension