Deceptive Privilege Escalation Paths

Goal: Identify attackers attempting privilege escalation and gather information about their techniques.

Approach: Creating enticing but fake privilege escalation vulnerabilities.

Introduce seemingly vulnerable services or configurations that appear to allow privilege escalation. These paths lead to controlled environments or trigger alerts upon exploitation, revealing attacker TTPs.

Engage Goals: EGO0001 Expose, EGO0003 Elicit

Engage Approach:

Engage Actions: EAC0003 System Activity Monitoring, EAC0023 Introduced Vulnerabilities

Technical Context:

This element requires careful planning so that the lure does not become a real vulnerability. The deceptive path should look like a common privilege escalation primitive while carrying none of its capability: for example, a world-writable script referenced from a cron entry that no scheduler actually reads, or a sudo rule that only permits a wrapper which records the invocation and exits. Test every lure from an unprivileged account before deployment and confirm that it cannot elevate, and treat any decoy that ends up running with an effective uid of 0 as a deployment defect. Interaction with the lure should either lead to a dead end or divert the attacker into a controlled environment, while the tripwire captures who invoked it, with what arguments, and from which parent process. Lures that mimic a software flaw align with the MITRE ATT&CK technique T1068 (Exploitation for Privilege Escalation); lures that mimic a misconfiguration, such as a setuid helper or a permissive sudo rule, align more closely with T1548 (Abuse Elevation Control Mechanism).
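As an added example, not code from the original page: a tripwire program that would sit at the decoy path (say, the target of a planted sudo rule or of a cron entry that nothing executes). It grants nothing: it records who invoked it and how, writes a structured alert tagged with T1068, refuses to proceed if it ever finds itself with an effective uid of 0 while the real uid is not (the sign that the lure has become a genuine escalation path), and then fails the way a hardened helper would. The decoy identifier, the alert log path and the intent labels are assumptions for illustration.

```python
#!/usr/bin/env python3
"""Tripwire for a decoy privilege-escalation path (added example).

Installed where an attacker expects an escalation primitive. The program
never elevates: it records how it was invoked, emits an alert and then
fails like a hardened helper so the attacker keeps probing.
"""
import json
import os
import sys
import time

# Assumed local identifiers and paths for illustration; not Engage IDs.
DECOY_ID = "decoy-privesc-backup-helper"
ALERT_LOG = "/var/log/decoy/privesc-alerts.jsonl"
ATTACK_TECHNIQUE = "T1068"  # Exploitation for Privilege Escalation

# Environment variables that reveal how the caller tried to use the lure.
INTERESTING_ENV = ("PATH", "LD_PRELOAD", "LD_LIBRARY_PATH",
                   "SUDO_USER", "SUDO_COMMAND", "SHELL")
SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}


def sanity_check(uid: int, euid: int) -> None:
    """Abort if the lure has somehow become a real escalation path.

    euid 0 with a non-root real uid means the decoy carries a setuid bit or
    is reachable through a real sudo rule: exactly the vulnerability a lure
    must not introduce, so stop before doing anything else.
    """
    if euid == 0 and uid != 0:
        raise RuntimeError(
            f"decoy {DECOY_ID} runs with euid 0 for uid {uid}; fix deployment")


def classify(argv: list) -> str:
    """Rough intent label derived from the arguments the caller passed."""
    tail = [os.path.basename(a) for a in argv[1:]]
    if any(a in SHELLS for a in tail):
        return "shell-spawn"          # trying to get an elevated shell
    if any(a.startswith("-") for a in tail):
        return "option-probe"         # hunting for -c/-e/--exec style flags
    if not tail:
        return "bare-execution"       # just ran it to see what happens
    return "argument-abuse"           # passed a path or other payload


def build_alert(argv, uid, euid, pid, ppid, cwd, env, now=None) -> dict:
    """Structured alert describing one interaction with the lure."""
    return {
        "timestamp": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(now)),
        "decoy_id": DECOY_ID,
        "attack_technique": ATTACK_TECHNIQUE,
        "intent": classify(argv),
        "uid": uid, "euid": euid, "pid": pid, "ppid": ppid,
        "cwd": cwd,
        "argv": list(argv),
        "env": {k: env[k] for k in INTERESTING_ENV if k in env},
    }


def write_alert(alert: dict, path: str = ALERT_LOG) -> None:
    """Append one JSON line; fall back to stderr if the log is unwritable."""
    line = json.dumps(alert, sort_keys=True)
    try:
        with open(path, "a") as f:
            f.write(line + "\n")
    except OSError:
        sys.stderr.write(line + "\n")


def main() -> int:
    uid, euid = os.getuid(), os.geteuid()
    sanity_check(uid, euid)
    alert = build_alert(sys.argv, uid, euid, os.getpid(), os.getppid(),
                        os.getcwd(), os.environ)
    write_alert(alert)
    # Fail like a real hardened helper rather than revealing the tripwire.
    sys.stderr.write(f"{os.path.basename(sys.argv[0])}: operation not permitted\n")
    return 1


if __name__ == "__main__":
    sys.exit(main())
```

Deploy the script without any setuid bit and without a sudo rule that would actually run it as root; the appearance of a vulnerability should come from the name, location and the configuration that references it, not from real capability. The parent pid and the captured PATH and LD_PRELOAD values are usually the most informative fields when reconstructing the attacker's tooling from the alert stream.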

Other:

Combine this with deceptive logging that shows fake successful privilege escalations to further mislead attackers. Keep those fabricated entries tagged or segregated from the real audit pipeline so that the SOC does not mistake them for genuine escalations.
