Deceptive Beacons

Goal: Confuse and misdirect attackers by deploying deceptive beacons.

Approach: Emitting misleading signals to divert attackers.

Deploy beacons that mimic the network traffic of vulnerable or compromised systems. These beacons can lead attackers towards honeypots, decoy networks, or even trigger automated responses.

Engage Goals: EGO0002 Affect

Engage Approach: EAP0005 Disrupt

Engage Actions: EAC0004 Network Analysis, EAC0016 Network Manipulation

Name of Element: Deceptive Beacons

Technical Context:

These beacons can be deployed on various network segments or even outside the organization’s perimeter. They can mimic protocols like SMB, SSH, or HTTP to attract attackers looking for specific vulnerabilities. This aligns with the MITRE ATT&CK technique T1583.001 (DNS beacons).

Other:

Vary the types of beacons and their activity to create a convincing illusion of a compromised network.
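
An added example, not part of the original entry: a planner that schedules decoy beacon emissions with randomized intervals and a weighted protocol mix, following the note above about varying beacon types and activity. The function names, the decoy table, and the RFC 5737 documentation addresses are assumptions made for illustration.

```python
import random
from dataclasses import dataclass

# Assumed decoy targets: protocol -> (honeypot address, port).
# Addresses are constructed placeholders from the RFC 5737 range.
DECOYS = {
    "smb": ("192.0.2.10", 445),
    "ssh": ("192.0.2.11", 22),
    "http": ("192.0.2.12", 80),
}

@dataclass(frozen=True)
class BeaconEvent:
    offset_s: float  # seconds from the start of the planning window
    protocol: str
    dest: tuple      # (address, port) of the decoy the beacon points at

def plan_beacons(window_s, base_interval_s, jitter, weights, seed=None):
    """Plan decoy beacon emissions over a window (hypothetical helper).

    Each gap is base_interval_s scaled by a random factor in
    [1 - jitter, 1 + jitter], and the protocol is drawn per event from
    `weights`, so neither timing nor type forms a fixed pattern.
    """
    if not 0 <= jitter < 1:
        raise ValueError("jitter must be in [0, 1)")
    unknown = set(weights) - set(DECOYS)
    if unknown:
        raise ValueError(f"no decoy defined for: {sorted(unknown)}")
    rng = random.Random(seed)
    protocols = list(weights)
    events, t = [], 0.0
    while True:
        t += base_interval_s * rng.uniform(1 - jitter, 1 + jitter)
        if t >= window_s:
            return events
        proto = rng.choices(protocols, weights=[weights[p] for p in protocols])[0]
        events.append(BeaconEvent(round(t, 1), proto, DECOYS[proto]))

def protocol_mix(events):
    """Share of each protocol in a plan, for reviewing its variety."""
    counts = {}
    for e in events:
        counts[e.protocol] = counts.get(e.protocol, 0) + 1
    return {p: c / len(events) for p, c in counts.items()}
```
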
