Patent attributes
Disclosed herein are methods, systems, and processes for recovering opaque credentials in deception systems. A plaintext credential is received at a honeypot and a plaintext lookup table is accessed. It is determined that the plaintext credential does not exist in the plaintext lookup table and the plaintext credential is added to the plaintext lookup table and a protocol specific plaintext lookup table. An opaque credential is generated for the plaintext credential and the opaque credential is added to a protocol specific opaque lookup table. Attack context metadata associated with the original attack event is generated and stored in the protocol specific opaque lookup table in association with the plaintext credential and the opaque credential. If the honeypot receives the opaque credential from a subsequent attacker who initiates a subsequent attack event, the protocol specific opaque lookup table is accessed and the plaintext credential associated with the opaque credential is recovered. The plaintext credential, the opaque credential, and the attack context metadata are then exchanged with a credential exchange manager.
