WMI Event Deception

Goal: Disrupt attacker activity by generating deceptive WMI events.

Approach: Generating fake WMI events to confuse attackers.

This element generates deceptive WMI events that mimic legitimate system activity but contain false information. This can confuse attackers and disrupt their reconnaissance or lateral movement efforts.

Engage Goals: EGO0002 Affect

Engage Approach: EAP0005 Disrupt

Engage Actions: EAC0003 System Activity Monitoring, EAC0015 Information Manipulation

Name of Element: WMI Event Deception

Technical Context:

This element uses Windows Management Instrumentation (WMI), the Windows framework for system management, to create and deliver events that appear legitimate but contain deceptive data.

Other:

This element can be particularly effective against attackers who rely on WMI for information gathering or command execution.
