Honeypots, Honeytokens, and Attacker Interaction
RCCE students will learn how to deploy and operate deceptive assets that attract unauthorized activity, expose attacker behavior, and generate high-confidence signals for investigation. RCCE students will learn to select realistic decoy targets, instrument deceptive data, avoid creating additional risk, analyze attacker interaction, and convert deception hits into actionable incident response and hunting workflows. The course covers practical scenarios ranging from setup and placement to monitoring, enrichment, and defensive action. RCCE students will learn to analyze complex systems and think like an attacker to better defend the organization. This comprehensive course delivers practical knowledge applicable to real-world cybersecurity operations. Starting from foundational concepts, RCCE students will learn through a combination of concept explanation, practical demonstration, and hands-on exercises.
- SOC Analysts and Incident Responders
- Detection Engineers and SIEM Content Authors
- Threat Hunters improving adversary coverage
- Security Operations Team Leads
- Professionals implementing Honeypots, Honeytokens, and Attacker Interaction
- Execute hands-on tasks for attacker interaction
- Explain Course Overview fundamentals
- Execute hands-on tasks for what are honeypots?
- Execute hands-on tasks for core characteristics — covering Decoy systems designed to appear as real, Appear genuine to external scanners and.
- Execute hands-on tasks for low interaction
- Execute hands-on tasks for medium interaction
- Execute hands-on tasks for high interaction — covering Emulates limited services, Simulates application-.
- Execute hands-on tasks for production honeypots
- Execute hands-on tasks for research honeypots
- Execute hands-on tasks for database honeypots
- Execute hands-on tasks for spam honeypots
- Execute hands-on tasks for what are honeytokens?
| Module 01 | Attacker Interaction |
| Module 02 | Course Overview |
| Module 03 | What Are Honeypots? |
| Module 04 | Core Characteristics |
| Module 05 | Low Interaction |
| Module 06 | Medium Interaction |
| Module 07 | High Interaction |
| Module 08 | Production Honeypots |
| Module 09 | Research Honeypots |
| Module 10 | Database Honeypots |
| Module 11 | Spam Honeypots |
| Module 12 | What Are Honeytokens? |
| Module 13 | Data-Level Deception Assets |
| Module 14 | Honeytoken Categories |
All hands-on labs run on Rocheston Rose X OS. Students practice honeypots, honeytokens, and attacker interaction by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for attacker interaction
- Lab 2: Explain Course Overview fundamentals
- Lab 3: Execute hands-on tasks for what are honeypots?
- Lab 4: Execute hands-on tasks for core characteristics
- Lab 5: Execute hands-on tasks for low interaction
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Honeypots, Honeytokens, and Attacker Interaction, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI