Deception

The deploying-ransomware-canary-files skill helps security teams deploy decoy files in critical directories and monitor read, modify, rename, or delete events for early ransomware warning. Use it for Security Audit workflows, lightweight detection, and alerting via Slack, email, or syslog without replacing EDR or backups.

deploying-active-directory-honeytokens helps defenders plan and generate Active Directory honeytokens for Security Audit work, including fake privileged accounts, fake SPNs for Kerberoasting detection, decoy GPO traps, and deceptive BloodHound paths. It pairs installation-oriented guidance with scripts and telemetry cues for practical deployment and review.