Sweet Deception: Deploying Honeypots and Honey Tokens in Microsoft 365
Ryan O'Donnell
SAINTCON 2025 · Day 3 · Main Track 2
In an era where cyber threats increasingly target cloud environments, Ryan O'Donnell's SAINTCON talk, "Sweet Deception: Deploying Honeypots and Honey Tokens in Microsoft 365," offers a compelling strategy for proactive defense. O'Donnell, a Senior Offensive Security Engineer at Microsoft, highlights the significant shift in attacker methodologies, moving away from traditional endpoint compromises to focus on cloud-native intrusions. His research introduces an innovative approach to deploying **Canary tokens** within Microsoft 365, specifically targeting Outlook, to provide high-fidelity, early detection of post-compromise activity.