	US 12,261,884 B2
	Deceiving attackers accessing active directory data
Venu Vissamsetty, San Jose, CA (US); Anil Gupta, Bangalore (IN); and Harinath Vishwanath Ramchetty, Bangalore (IN)
Assigned to SentinelOne, Inc., Mountain View, CA (US)
Filed by SentinelOne, Inc., Mountain View, CA (US)
Filed on Feb. 23, 2023, as Appl. No. 18/173,611.
Application 18/173,611 is a continuation of application No. 16/543,189, filed on Aug. 16, 2019, granted, now 11,616,812.
Application 16/543,189 is a continuation in part of application No. 15/383,522, filed on Dec. 19, 2016, granted, now 10,599,842, issued on Mar. 24, 2020.
Prior Publication US 2023/0388344 A1, Nov. 30, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06F 21/55 (2013.01); G06F 21/56 (2013.01)

CPC H04L 63/1491 (2013.01) [G06F 21/55 (2013.01); G06F 21/566 (2013.01); H04L 63/14 (2013.01); H04L 63/1416 (2013.01); H04L 63/1441 (2013.01); H04L 63/10 (2013.01)]

20 Claims

1. A method comprising:

receiving, by a computer system, a first response from an active directory server;

replacing, by the computer system, a first reference in the first response with a second reference referencing a decoy server to obtain a modified first response; and

returning, by the computer system, the modified first response to a requesting application referenced by the first response, wherein the requesting application is running on the computer system.