[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"doc-detail-37026-en":3,"doc-seo-37026-105":29,"detail-sidebar-cat-0-en-105":89},{"code":4,"msg":5,"data":6},0,"success",{"doc_id":7,"user_id":8,"nickname":9,"user_avatar":10,"doc_module":4,"category_id":11,"category_name":12,"doc_title":13,"doc_description":14,"doc_content":15,"file_id":16,"file_url":17,"file_type":18,"file_size":19,"view_count":4,"is_deleted":4,"is_public":20,"is_downloadable":20,"audit_status":20,"page_count":21,"language":22,"language_code":23,"site_id":24,"html_lang":23,"table_of_contents":25,"faqs":26,"seo_title":13,"seo_description":14,"update_tm":27,"read_time":28},37026,962075114101,"Seraphina","https://ap-avatar.wpscdn.com/avatar/e000253a75eb197efd?x-image-process=image/resize,m_fixed,w_180,h_180&k=1780044092746381165",8,"Research & Report","ShadowNet: A Deceptive Active Directory Honeypot for Detecting Targeted Intrusions using Splunk","Modern enterprise networks rely on Active Directory, making it a key target for reconnaissance, credential theft, and lateral movement. ShadowNet delivers a high-interaction deception framework by deploying a realistic, production-like AD environment designed to attract adversarial behavior. The approach combines Sysmon-based telemetry with Splunk Enterprise for real-time log correlation, enabling accurate detection of Kerberoasting, brute-force attempts, and privilege-escalation actions. Decoy accounts, SPNs, and bait resources preserve interaction fidelity, while experiments with simulated intrusions achieve sub-3-second detection latency and complete attacker sequence visibility.","","cbCaiuyNZubyq8db","https://ap.wps.com/l/cbCaiuyNZubyq8db","pdf",576999,1,5,"English","en",105,"# Introduction\n## Active Directory as an attack target\n## Limitations of traditional perimeter defenses\n# ShadowNet framework\n## High-fidelity decoy environment\n## Enterprise-grade telemetry integration\n## Enhanced forensic visibility\n## Real-time threat correlation\n# Literature Review","[{\"question\":\"What problem does ShadowNet address in Active Directory security?\",\"answer\":\"ShadowNet addresses limited visibility into identity-centric intrusions that exploit legitimate authentication and generate overwhelming log volumes. It focuses on detecting targeted actions like Kerberoasting and brute-force attempts with better signal-to-noise through deception and analytics.\"},{\"question\":\"How does ShadowNet detect attacks using Splunk?\",\"answer\":\"ShadowNet integrates Sysmon-based telemetry with Splunk Enterprise to correlate logs in real time. Custom Splunk correlation searches identify attack patterns such as Kerberoasting and brute-force attempts while keeping latency minimal.\"},{\"question\":\"What makes the ShadowNet honeypot effective against sophisticated adversaries?\",\"answer\":\"ShadowNet uses a high-fidelity decoy Active Directory environment that replicates a production domain controller without real business value. Credible honeyusers, decoy SPNs, and bait resources encourage realistic attacker interactions that can be profiled accurately.\"}]",1782948033,13,{"code":4,"msg":30,"data":31},"ok",{"site_id":24,"language":23,"slug":32,"title":13,"keywords":15,"description":14,"schema_data":33,"social_meta":84,"head_meta":86,"extra_data":88,"updated_unix":27},"shadownet-a-deceptive-active-directory-honeypot-for-detecting-targeted-intrusions-using-splunk",{"@graph":34,"@context":83},[35,52,66],{"@type":36,"itemListElement":37},"BreadcrumbList",[38,42,46,49],{"item":39,"name":40,"@type":41,"position":20},"https://docshare.wps.com","Home","ListItem",{"item":43,"name":44,"@type":41,"position":45},"https://docshare.wps.com/document/","Document",2,{"item":47,"name":12,"@type":41,"position":48},"https://docshare.wps.com/document/research-report/",3,{"item":50,"name":13,"@type":41,"position":51},"https://docshare.wps.com/document/shadownet-a-deceptive-active-directory-honeypot-for-detecting-targeted-intrusions-using-splunk/37026/",4,{"url":50,"name":13,"@type":53,"author":54,"headline":13,"publisher":56,"fileFormat":59,"inLanguage":23,"description":14,"dateModified":60,"datePublished":60,"encodingFormat":59,"isAccessibleForFree":61,"interactionStatistic":62},"DigitalDocument",{"name":9,"@type":55},"Person",{"url":39,"name":57,"@type":58},"DocShare","Organization","application/pdf","2026-07-01",true,{"@type":63,"interactionType":64,"userInteractionCount":4},"InteractionCounter",{"@type":65},"ViewAction",{"@type":67,"mainEntity":68},"FAQPage",[69,75,79],{"name":70,"@type":71,"acceptedAnswer":72},"What problem does ShadowNet address in Active Directory security?","Question",{"text":73,"@type":74},"ShadowNet addresses limited visibility into identity-centric intrusions that exploit legitimate authentication and generate overwhelming log volumes. It focuses on detecting targeted actions like Kerberoasting and brute-force attempts with better signal-to-noise through deception and analytics.","Answer",{"name":76,"@type":71,"acceptedAnswer":77},"How does ShadowNet detect attacks using Splunk?",{"text":78,"@type":74},"ShadowNet integrates Sysmon-based telemetry with Splunk Enterprise to correlate logs in real time. Custom Splunk correlation searches identify attack patterns such as Kerberoasting and brute-force attempts while keeping latency minimal.",{"name":80,"@type":71,"acceptedAnswer":81},"What makes the ShadowNet honeypot effective against sophisticated adversaries?",{"text":82,"@type":74},"ShadowNet uses a high-fidelity decoy Active Directory environment that replicates a production domain controller without real business value. Credible honeyusers, decoy SPNs, and bait resources encourage realistic attacker interactions that can be profiled accurately.","https://schema.org",{"og:url":50,"og:type":85,"og:title":13,"og:site_name":57,"og:description":14},"article",{"robots":87,"canonical":50},"index,follow",{"doc_id":7,"site_id":24},{"code":4,"msg":5,"data":90},[91,95,99,103,107,112,117,120,125,128,132],{"id":20,"doc_module":4,"doc_module_name":44,"category_name":92,"show_sort_weight":93,"slug":94},"Story & Novel",90,"story-novel",{"id":45,"doc_module":4,"doc_module_name":44,"category_name":96,"show_sort_weight":97,"slug":98},"Literature",80,"literature",{"id":51,"doc_module":4,"doc_module_name":44,"category_name":100,"show_sort_weight":101,"slug":102},"Exam",70,"exam",{"id":21,"doc_module":4,"doc_module_name":44,"category_name":104,"show_sort_weight":105,"slug":106},"Comic",60,"comic",{"id":108,"doc_module":4,"doc_module_name":44,"category_name":109,"show_sort_weight":110,"slug":111},6,"Technology",50,"technology",{"id":113,"doc_module":4,"doc_module_name":44,"category_name":114,"show_sort_weight":115,"slug":116},7,"Healthcare",40,"healthcare",{"id":11,"doc_module":4,"doc_module_name":44,"category_name":12,"show_sort_weight":118,"slug":119},30,"research-report",{"id":121,"doc_module":4,"doc_module_name":44,"category_name":122,"show_sort_weight":123,"slug":124},9,"Religion & Spirituality",20,"religion-spirituality",{"id":123,"doc_module":4,"doc_module_name":44,"category_name":126,"show_sort_weight":123,"slug":127},"World Cup","world-cup",{"id":129,"doc_module":4,"doc_module_name":44,"category_name":130,"show_sort_weight":129,"slug":131},10,"Lifestyle","lifestyle",{"id":133,"doc_module":4,"doc_module_name":44,"category_name":134,"show_sort_weight":21,"slug":135},19,"General","general"]