Hackers of India

DejaVu ++

 Bhadreshkumar Patel   Harish Ramadoss 



DejaVu is an open source deception framework which can be used to deploy decoys across the infrastructure. This could be used by the defender to deploy multiple interactive (Server and Client) decoys strategically across the network and cloud.

We have done massive updates to our platform (now DejaVu ++) and are excited to present these at Blackhat Europe. Some key updates:

  1. Decentralized architecture to support enterprise orgs
  2. Video recording of attacker’s movement, record attacker’s activity
  3. Highly interactive decoys to engage the attacker and reveal attacker motivation and TTP
  4. Integrated IDS for enriched alerts
  5. Full packet capture of attacker’s interaction with the decoy for forensic analysis.
  6. Cloud Ready decoys
  1. Dashboard with monitoring and analysis - Full lifecycle of event can be drilled into by an analyst
  2. New decoys
  1. Personalized threat inteligiance - Deploy customised decoys on DMZ to detect targeted threats
  2. Logging Capability - Ship logs to SIEM or other platforms using Syslog capability