Deceptive Local Administrator Passwords

Goal: Disrupt attacker attempts to exploit common local administrator passwords for lateral movement.

Approach: Deploying a diverse set of fake local administrator passwords across systems.

Configure systems with a variety of deceptive local administrator passwords that differ from the actual password. This can slow down or frustrate attackers who rely on common passwords or credential dumping techniques.

Engage Goals: EGO0002 Affect

Engage Approach: EAP0005 Disrupt

Engage Actions: EAC0008 Burn-In, EAC0015 Information Manipulation

Technical Context:

This element requires careful coordination so that legitimate administrators can still access the systems. The adversary behavior it targets maps to MITRE ATT&CK technique T1078.003 (Valid Accounts: Local Accounts).
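One way to generate and track such a set, as an added example that is not part of the original page: each host's decoy is derived with HMAC from a secret deployment key, checked so it never equals a real password, and can be traced back to the host it was issued for. The function names, alphabet, host names and key handling are assumptions.

```python
import hashlib
import hmac
import secrets
import string

# Assumed character policy for decoys (constructed for this example).
ALPHABET = string.ascii_letters + string.digits + "!#%+-_"

def derive_decoy(deploy_key: bytes, host: str, length: int = 16) -> str:
    """Derive a host-unique decoy password from a secret deployment key."""
    out, counter = [], 0
    limit = 256 - (256 % len(ALPHABET))  # rejection sampling avoids modulo bias
    while len(out) < length:
        msg = f"{host.lower()}|{counter}".encode()
        block = hmac.new(deploy_key, msg, hashlib.sha256).digest()
        out.extend(ALPHABET[b % len(ALPHABET)] for b in block if b < limit)
        counter += 1
    return "".join(out[:length])

def build_manifest(deploy_key: bytes, hosts, real_passwords) -> dict:
    """Return {host: decoy}; refuse a decoy that repeats or equals a real password."""
    manifest, seen = {}, set()
    for host in hosts:
        decoy = derive_decoy(deploy_key, host)
        if decoy in seen:
            raise ValueError(f"duplicate decoy generated for {host}")
        if any(hmac.compare_digest(decoy.encode(), r.encode()) for r in real_passwords):
            raise ValueError(f"decoy for {host} collides with a real password")
        seen.add(decoy)
        manifest[host] = decoy
    return manifest

def attribute(deploy_key: bytes, hosts, observed: str):
    """Return the host whose decoy matches a recovered credential, else None."""
    for host in hosts:
        if hmac.compare_digest(derive_decoy(deploy_key, host).encode(), observed.encode()):
            return host
    return None

if __name__ == "__main__":
    key = secrets.token_bytes(32)                      # keep with the real admin secrets
    hosts = ["ws-finance-01", "ws-hr-02", "srv-db-01"]  # constructed inventory
    manifest = build_manifest(key, hosts, real_passwords=["Constructed-Real-Pw1!"])
    for host in manifest:
        print(host, "-> decoy issued")                 # never log the decoy values
    print(attribute(key, hosts, manifest["ws-hr-02"]))
```

Because the manifest is reproducible from the key and the inventory, administrators can check at any time that a value in hand is a decoy rather than the working password.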

Other:

Combine this with deceptive account lockout policies to further deter attackers.
