In the previous post we learnt about the power of file honeypots to detect malicious activity. But in this world of automation, the time it takes for you to respond may be so long that it's unlikely you can respond in time. In this post we will discuss some potential tactics to make your Linux systems frustrating to attackers who already have access, and to slow them down using some Linux filesystem tricks.
Honeypots are all the rage, being a fantastic tool for quickly distinguishing malicious activity from usual system activity. There are many kinds of honeypots, including honeypot ports (honeyports) and even entire honey networks (honeynets); however, the one I want to talk about is honeypot files (honeyfiles).
About 6 months ago I bought 102 EM4100 protocol RFID cards (from here) and a compatible RFID reader (https://www.sparkfun.com/products/8419). This was to investigate how these common RFID cards work.