Releases: bhdresh/Dejavu

DejaVU - Open Source Deception Framework - V15.0

26 Jan 13:44

Upgrade

From v14.0 to v15.0

Release Notes

- Added a console menu to both the Engine and Console images to perform the following actions from the console:

  1. Management Interface Configuration
  2. Health Check
  3. Advanced Shell
  4. Update Server Connectivity Check
  5. Update Console Password
  6. Exit

- Added IIS decoy

Upgrade Instruction (both Engine and Console)

Go to "Backup & Upgrade" and click on "Upgrade DejaVu Console/Engine"

Quick Setup Guide: Link

DejaVU - Open Source Deception Framework - V14.0

01 Jan 22:40
d2f8cdc

Upgrade

From v13.0 to v14.0

Release Notes

A console menu has been added to allow you to perform the following actions from the console:

  1. Management Interface Configuration
  2. Advanced Shell
  3. Verify Update Server Connectivity

Engine

Go to "Backup & Upgrade" and click on "Upgrade DejaVu Engine"

Console

Go to "Backup & Upgrade" and click on "Upgrade DejaVu Console"

Download

Download Preconfigured DejaVu images from here: Camolabs.io

Quick Setup Guide: Link

DejaVU - Open Source Deception Framework - V13.0

02 Oct 17:20

Upgrade

From v12.0 to v13.0

Release Notes

  • Introduced email client decoy to detect targeted phishing attacks
  • Added health monitor by nikhilj21 (infopercept)
  • Bug fixes

Engine

Go to "Backup & Upgrade" and click on "Upgrade DejaVu Engine"

NOTE: Appliance will reboot automatically after upgrade

Console

Go to "Backup & Upgrade" and click on "Upgrade DejaVu Console"

NOTE: Appliance will reboot automatically after upgrade

Download

Download Preconfigured DejaVu images from here: Camolabs.io

Quick Setup Guide: Link

DejaVU - Open Source Deception Framework - V12.0

31 Aug 20:43
76f2b2b

Upgrade

From v11.0 to v12.0

Release Notes

  • Enhancement related to authentication based email configuration by nikhilj21 (infopercept)
  • Bug fixes related to filters
  • Timezone bug fix reported by wizhardhacker1

Engine

Go to "Backup & Upgrade" and click on "Upgrade DejaVu Engine"

Console

Go to "Backup & Upgrade" and click on "Upgrade DejaVu Console"

Download

Download Preconfigured DejaVu images from here: Camolabs.io

Quick Setup Guide: Link

DejaVU - Open Source Deception Framework - V11.0

03 Aug 23:38
82d09d9

Upgrade

From v10.0 to v11.0

Engine

Go to "Backup & Upgrade" and click on "Upgrade DejaVu Engine"

Console

Go to "Backup & Upgrade" and click on "Upgrade DejaVu Console"

Download

Download Preconfigured DejaVu images from here: Camolabs.io

Quick Setup Guide: Link

DejaVU - Open Source Deception Framework - V10.0

05 Jul 17:30
c462af9

Download

Download Preconfigured DejaVu images from here: Camolabs.io

Quick Setup Guide: Link

One of the major advantages of DejaVu V10.0 is that, using a single platform, you can deploy decoys across different VLANs and manage and monitor them.

Use Cases

Below are a few example attack vectors you can detect using the DejaVu platform:

  • (Attack) : Port Scan / Enumeration

    (Defense) : Fake services spread throughout the network

  • (Attack) : Password Spray / Brute Force Attack

    (Defense) : Deploy multiple common services; attempts on two or more decoys are potentially a password spray attempt

  • (Attack) : Attacker targeting low-hanging fruit - Tomcat/MSSQL/Jenkins

    (Defense) : Deploy common platforms attackers look for to gain an initial foothold

  • (Attack) : Responder / LLMNR Poisoning

    (Defense) : NBNS client-side decoys to detect MITM attacks

  • (Attack) : Bloodhound / similar tools to identify attack paths

    (Defense) : DNS record manipulation and fake servers

  • (Attack) : Lateral Movement - Pass the Hash

    (Defense) : Fake sessions and injecting credential tokens into memory

  • (Attack) : Kerberoast attack

    (Defense) : Kerberoasting service account honey tokens

  • (Attack) : Data Exfiltration

    (Defense) : Honeyfiles to detect exfiltration occurrences
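
The password spray use case above comes down to correlating login attempts by source across decoys. The following is an added example, not code from the DejaVu project: the event tuple layout, the sample events, the 10-minute window and the attempt thresholds are all assumptions made for illustration, not DejaVu's log format or defaults.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (hypothetical layout, not DejaVu's log format):
# (timestamp, source IP, decoy name, service, username tried)
SAMPLE_EVENTS = [
    ("2024-01-10 09:00:05", "10.0.5.23", "decoy-ssh-01", "SSH", "admin"),
    ("2024-01-10 09:00:41", "10.0.5.23", "decoy-ftp-01", "FTP", "admin"),
    ("2024-01-10 09:01:12", "10.0.5.23", "decoy-mysql-01", "MYSQL", "root"),
    ("2024-01-10 09:02:00", "10.0.7.80", "decoy-ssh-01", "SSH", "root"),
    ("2024-01-10 09:02:03", "10.0.7.80", "decoy-ssh-01", "SSH", "root"),
    ("2024-01-10 09:02:07", "10.0.7.80", "decoy-ssh-01", "SSH", "root"),
    ("2024-01-10 09:05:00", "10.0.9.14", "decoy-rdp-01", "RDP", "svc_backup"),
    ("2024-01-10 11:30:00", "10.0.9.14", "decoy-vnc-01", "VNC", "svc_backup"),
]

def classify_sources(events, window=timedelta(minutes=10),
                     min_decoys=2, min_attempts=3):
    """Label each source IP by its login attempts against decoys.

    'spray'        : attempts on >= min_decoys distinct decoys within `window`
    'brute-force'  : >= min_attempts on one decoy within `window`
    'single-touch' : anything else (still worth an alert on a decoy)
    """
    by_src = defaultdict(list)
    for ts, src, decoy, _service, _user in events:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        by_src[src].append((when, decoy))

    verdicts = {}
    for src, hits in by_src.items():
        hits.sort()
        verdict, start = "single-touch", 0
        for end in range(len(hits)):
            # Advance the window start until the span fits inside `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            in_window = hits[start:end + 1]
            if len({decoy for _, decoy in in_window}) >= min_decoys:
                verdict = "spray"  # strongest signal, stop looking
                break
            if len(in_window) >= min_attempts:
                verdict = "brute-force"
        verdicts[src] = verdict
    return verdicts

if __name__ == "__main__":
    for src, verdict in sorted(classify_sources(SAMPLE_EVENTS).items()):
        print(f"{src}: {verdict}")
```

The window matters: the third source touches two decoys more than two hours apart, so it is not counted as a spray unless the window is widened.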

Architecture

  • DejaVu Engine: This is used to deploy decoys across your infrastructure. So let's say you have multiple offices; you would deploy an engine in each.
  • DejaVu Console: A centralized console to view and manage all the alerts from your various engines. Think of this as your dashboard. Engines connect to the Console.

Decoy Types

  • Server Decoys

    • MYSQL
    • SNMP
    • Custom HTTP Decoy - You can configure this with a custom HTML template
    • TELNET
    • SMB Server with custom files
    • FTP
    • TFTP
    • Web Server - Tomcat, Apache, Basic Auth
    • SSH Interactive and Non-Interactive
    • SMTP
    • RDP Interactive and Non-Interactive
    • VNC
    • HONEYCOMB (To capture events from Honey Docs)
    • ICS/SCADA Decoys - Modbus and S7COMM
  • Client Decoys

    • NBNS Decoy
    • MITM Decoy
    • SSDP Client
    • Email Client
  • BreadCrumbs

    • Honey Docs
    • HoneyHash - Injects creds into memory
    • Kerberoast Honey Account

DejaVU - Open Source Deception Framework - Beta-V8

30 Mar 21:51
8d0a1ca

Virtual Box Download Link

Checksum

Beta V8

  • MD5 : 0eb7e623d7c9644986a708bf1776fcdc

Changelog

  • New functionality

    • Syslog server configuration (Settings >> Update Syslog Details)
    • Introduced event management to manage generated threat events (Log Management >> List events)
  • Bug fixes

DejaVU - Open Source Deception Framework - Beta-V7

05 Oct 16:06
e5c3556

Virtual Box Download Link

Checksum

Beta V7

  • MD5 : 483adb26455e780b8fba8331f3abd4ec

Release note

New functionality

  • Generate digital breadcrumbs.
  • FW upgrade feature to avoid downloading whole image for each new release.

Enhancements

  • Enabled HTTPS for Web/Management UI.
  • Updated apache docker to serve both HTTP and HTTPS connections.
  • Enhanced log graph to reflect total event count on mouseover to attacker icon.

Bug fixes

DejaVU - Open Source Deception Framework - Beta-V6

24 Aug 15:11
0782643

Virtual Box Download Link

Checksum

Beta V6

  • MD5 : 5b0b14534cb7c2ba45123558fe206143

Release note

  • Introduced SNMP, MODBUS and S7COMM server decoys
  • Custom file structure upload for SMB decoys
  • Bug fixes