Detect Attacks
Before They Succeed
Enterprise-grade deception infrastructure that transforms your Active Directory into an intelligent threat detection system. Deploy honeypots that attackers can't distinguish from real assets.
- 6+ Attack Types Detected
- <1s Detection Time
- 0 False Positives
Features
Detection Capabilities
Comprehensive coverage for the attacks that matter most in Active Directory environments.
Kerberos Attacks
Credential Theft Detection
Detect the most common Active Directory attacks targeting Kerberos authentication.
Kerberoasting Detection
T1558.003: Deploy honey service accounts with SPNs. When an attacker requests a TGS ticket for offline cracking, you'll know immediately.
AS-REP Roasting Detection
T1558.004: Create accounts with "Do not require Kerberos preauthentication" that serve as perfect tripwires.
DCSync Target Detection
T1003.006: Honey accounts that trigger alerts when targeted by replication requests, catching DCSync attacks.
Pre-Windows 2000 Detection
Honey machine accounts with predictable passwords that detect tools like pre2k scanning for weak credentials.
ADCS Attacks
Certificate Services Abuse
Monitor certificate templates for the escalation paths attackers love to exploit.
ESC1 - Enrollee Supplies Subject
ESC1: Monitor templates where users can specify arbitrary SANs, a common path to domain admin.
ESC3 - Enrollment Agent
ESC3: Detect abuse of certificate request agent templates that allow requesting certs on behalf of others.
ESC9 - No Security Extension
ESC9: Catch attacks on templates without the security extension, enabling SAN spoofing.
ESC4, ESC13 & More
ESC4-13: Full coverage of ADCS attack patterns including template ACL abuse and issuance policy attacks.
Platform
Built for Security Teams
Enterprise-grade features without the enterprise complexity.
Lightweight Agent
Single executable that runs as a Windows service. Minimal CPU and memory footprint with no kernel drivers.
Instant Notifications
Webhooks for Slack, Teams, PagerDuty, or custom endpoints. Email alerts included.
Zero False Positives
By design, honeypots should never be touched by legitimate users. Every alert is a real attack.
MITRE ATT&CK Mapping
Every detection includes technique IDs and tactics for easy correlation with your threat intel.
How It Works
Deploy in Minutes, Not Months
Deploy Agent
Install the lightweight agent on your domain controllers and certificate authorities.
Configure Honeypots
Create honey accounts, SPNs, and certificate templates that blend into your environment.
Detect Attacks
Get instant alerts when attackers interact with your honeypots. No false positives.
Pricing
Simple, Transparent Pricing
Start free. Scale as you grow. No hidden fees.
Starter
$3,500/year (save 17%)
For small teams getting started with AD deception.
- Up to 5 agents
- Kerberoasting detection
- AS-REP Roasting detection
- DCSync target detection
- Pre-2K machine detection
- Email alerts
- 30-day event retention
- API access
Pro
$7,500/year (save 17%)
Full AD and ADCS coverage for security teams.
- Up to 15 agents
- All Kerberos attack detection
- ADCS abuse detection (ESC1-13)
- Webhook integrations
- SIEM integration
- 90-day event retention
- Priority support
Enterprise
For organizations with advanced requirements.
- Unlimited agents
- All detection capabilities
- 1-year event retention
- SSO/SAML
- On-premise deployment
- Dedicated support
- SLA guarantees
- Multi-org support (MSSPs)
Feature Comparison
| Feature | Starter | Pro | Enterprise |
|---|---|---|---|
| Kerberoasting detection | Yes | Yes | Yes |
| AS-REP Roasting detection | Yes | Yes | Yes |
| DCSync target detection | Yes | Yes | Yes |
| Pre-2K machine detection | Yes | Yes | Yes |
| ADCS abuse detection (ESC1-13) | - | Yes | Yes |
| Email alerts | Yes | Yes | Yes |
| Webhook integrations | - | Yes | Yes |
| SIEM integration | - | Yes | Yes |
| API access | Yes | Yes | Yes |
| Agents | 5 | 15 | Unlimited |
| Event retention | 30 days | 90 days | 1 year |
| SSO/SAML | - | - | Yes |
| On-premise deployment | - | - | Yes |
| SLA guarantee | - | - | Yes |
| Multi-org support (MSSPs) | - | - | Yes |
Frequently Asked Questions
- How does the free trial work?
- Start with a 14-day free trial of the Pro plan. No credit card required. Deploy agents and honeypots immediately.
- What counts as an agent?
- An agent is a single installation on a domain controller or certificate authority. One agent can monitor multiple honeypots.
- Can I change plans later?
- Yes, upgrade or downgrade at any time. Upgrades take effect immediately. Downgrades take effect at the end of your billing cycle.
- Do you offer annual billing?
- Yes, save 17% with annual billing. Select annual billing when subscribing or contact us to switch.
- What support is included?
- Starter includes documentation and community support. Pro includes priority email support. Enterprise includes dedicated support with SLAs.
- What is the difference between Starter and Pro?
- Starter includes all AD/Kerberos detection (Kerberoasting, AS-REP, DCSync, Pre-2K). Pro adds ADCS abuse detection (ESC1-13), SIEM integration, and longer event retention.
- Is there an on-premise option?
- Yes, Enterprise customers can deploy Claymore entirely within their environment. Contact sales for details.
About
Redefining Active Defense
Claymore builds deception technology that gives defenders the advantage.
Our Mission
Turn Every Attack Into an Immediate Detection
Active Directory is the most targeted system in enterprise environments, and the most rewarding to compromise. Techniques like Kerberoasting, AS-REP Roasting, and ADCS abuse have become standard playbook items for threat actors and red teams alike.
Traditional detection approaches struggle with these attacks. They generate too many false positives, require extensive tuning, or miss the attacks entirely. Security teams are left playing catch-up.
Claymore takes a different approach. By deploying honeypots that blend seamlessly into your environment, we create tripwires that attackers can't avoid. When they interact with a honeypot, you know immediately—with zero false positives.
Claymore Labs
Our Values
What Drives Us
Defense in Depth
We believe deception should be a core layer of every security program, not an afterthought.
Attacker-Centric Design
Every honeypot is designed around real attack techniques. We study adversaries so you can catch them.
Simplicity First
Security tools should be powerful without being complex. Deploy in minutes, not months.
Contact
Get in Touch
Have questions? Want to learn more about how Claymore can help your organization?
General inquiries: contact@claymorelabs.io
Sales: sales@claymorelabs.io
Support: support@claymorelabs.io
Ready to Catch Attackers?
Start your free trial and deploy honeypots in your Active Directory environment today.