Fake RDP Honeypots

Goal: Lure attackers attempting to use RDP for lateral movement and gather information about their tools and techniques.

Approach: Deploying and monitoring fake RDP servers.

Set up decoy RDP servers that mimic legitimate systems but capture attacker credentials, log keystrokes, or redirect them to a controlled environment.

Engage Goals: EGO0003 Elicit

Engage Approach: EAP0001 Collect

Engage Actions: EAC0005 Lures, EAC0018 Security Controls

Name of Element: Fake RDP Honeypots

Technical Context:

These honeypots can be configured with various operating systems and software to attract different types of attackers. This aligns with the MITRE ATT&CK technique T1021.001 (Remote Services: Remote Desktop Protocol).
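A decoy RDP listener can record useful detail before any authentication takes place: the first PDU a client sends (TPKT plus X.224 Connection Request) may carry a `Cookie: mstshash=<username>` field and the security protocols the client requests. The parser below is an added example, not code from the original page; the function names, sample username, and documentation-range IP addresses are assumptions made for illustration.

```python
import struct

# requestedProtocols flag bits from the RDP negotiation request
PROTOCOLS = {0x1: "TLS", 0x2: "CredSSP", 0x4: "RDSTLS", 0x8: "CredSSP-EX"}

def parse_connection_request(data: bytes) -> dict:
    """Parse the first client PDU (TPKT + X.224 Connection Request)."""
    if len(data) < 11:
        raise ValueError("too short for TPKT + X.224 header")
    version, _, tpkt_len = struct.unpack(">BBH", data[:4])
    if version != 3 or tpkt_len != len(data):
        raise ValueError("bad TPKT header")
    if data[5] & 0xF0 != 0xE0 or data[4] != len(data) - 5:
        raise ValueError("not an X.224 Connection Request")
    body = data[11:]  # variable part after the 7-byte X.224 header
    info = {"username": None, "routing_token": None, "protocols": None}
    end = body.find(b"\r\n")
    if body.startswith(b"Cookie: ") and end != -1:
        key, _, value = body[8:end].decode("ascii", "replace").partition("=")
        if key == "mstshash":
            info["username"] = value  # client-supplied, treat as untrusted
        else:
            info["routing_token"] = value
        body = body[end + 2:]
    if len(body) >= 8 and body[0] == 0x01:  # TYPE_RDP_NEG_REQ
        _, _, length, requested = struct.unpack("<BBHI", body[:8])
        if length == 8:
            names = [n for bit, n in PROTOCOLS.items() if requested & bit]
            info["protocols"] = names or ["standard RDP security"]
    return info

def decoy_event(src_ip: str, data: bytes) -> dict:
    """Build one log record; malformed input is still recorded, not dropped."""
    try:
        return {"src": src_ip, "valid": True, **parse_connection_request(data)}
    except ValueError as exc:
        return {"src": src_ip, "valid": False, "error": str(exc), "size": len(data)}

def build_sample(user: str = "admin", requested: int = 0x3) -> bytes:
    """Constructed Connection Request for testing, not captured traffic."""
    var = b"Cookie: mstshash=" + user.encode("ascii") + b"\r\n"
    var += struct.pack("<BBHI", 0x01, 0, 8, requested)
    x224 = bytes([6 + len(var), 0xE0, 0, 0, 0, 0, 0]) + var
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224

if __name__ == "__main__":
    print(decoy_event("192.0.2.10", build_sample()))
    print(decoy_event("192.0.2.11", b"GET / HTTP/1.1\r\n\r\n"))
```

Because a decoy has no legitimate users, every record it produces, including the malformed ones, is worth forwarding to the SIEM with the source address.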

Other:

Combine this with deceptive network configurations to make the honeypots appear more accessible or vulnerable.
