Engage Goals: EGO0002 Affect
Engage Approach: EAP0005 Disrupt
Engage Actions: EAC0014 Software Manipulation, EAC0015 Information Manipulation
Name of Element: Deceptive Access Tokens
Description of Element:
Goal: Disrupt attackers’ attempts to leverage stolen or forged access tokens for unauthorized access.
Approach: Introduce deceptive access tokens that lead to decoy resources or trigger alerts.
Inject fake access tokens into processes or memory that appear to grant access to sensitive data or critical systems. These tokens can be designed to mislead attackers, cause their tools to malfunction, or trigger alerts upon usage.
Technical Context:
This element requires the ability to manipulate access tokens within the operating system or application. This can be achieved through techniques like DLL injection, API hooking, or by exploiting vulnerabilities in token handling mechanisms. This aligns with the MITRE ATT&CK technique T1134.001 (Access Token Manipulation: Token Impersonation/Theft).
Other:
This element can be combined with deceptive user profiles or fake privilege boundaries to create a more convincing illusion.
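
The "trigger alerts upon usage" part of the description, as an added example that is not part of the original entry: a detector that flags any authentication event presenting a planted decoy token. It assumes application-level bearer tokens and a JSON-lines authentication log; the token values, field names and log lines are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed decoy token values (assumption: application-level bearer tokens).
_DECOYS = {
    "decoy-finance-db": "tok_DECOY_7f3a9c_constructed",
    "decoy-admin-api": "tok_DECOY_b21e44_constructed",
}
# The detector matches on SHA-256 digests, so a deployed registry would not
# need to store the raw decoy values at all.
DECOY_DIGESTS = {
    hashlib.sha256(v.encode()).hexdigest(): name for name, v in _DECOYS.items()
}

# Constructed authentication log (hypothetical format, one JSON object per line).
SAMPLE_LOG = """\
{"src": "192.0.2.10", "token": "tok_live_legit_constructed", "resource": "/reports", "outcome": "allowed"}
{"src": "198.51.100.23", "token": "tok_DECOY_7f3a9c_constructed", "resource": "/finance/export", "outcome": "decoy_served"}
this line is not JSON
{"src": "198.51.100.23", "token": "tok_DECOY_b21e44_constructed", "resource": "/admin/users", "outcome": "denied"}
"""

def match_decoy(token):
    """Return the decoy's name if the presented token is a planted decoy."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    for known, name in DECOY_DIGESTS.items():
        if hmac.compare_digest(digest, known):
            return name
    return None

def scan(log_text):
    """Flag every use of a decoy token, whatever the request outcome was."""
    alerts = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        if not isinstance(event, dict):
            continue
        name = match_decoy(str(event.get("token", "")))
        if name:
            alerts.append({"line": lineno, "decoy": name, "src": event.get("src"),
                           "resource": event.get("resource")})
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Because no legitimate process is ever issued a decoy token, each match is a high-confidence signal, and the source and requested resource show where the token was harvested and what it was used for.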