Engage Goals: EGO0003 Elicit
Engage Approach: EAP0001 Collect
Engage Actions: EAC0005 Lures, EAC0018 Security Controls
Name of Element: Deceptive Identity APIs
Description of Element:
Goal: Gather information about attackers’ activities and tools by deploying deceptive identity APIs.
Approach: Creating fake identity APIs that mimic legitimate services but capture attacker interactions.
Deploy fake APIs that mimic identity management services, such as user provisioning, authentication, or authorization. These APIs can be designed to capture attacker requests, log their activities, or return misleading information.
Technical Context:
This element requires the ability to create and deploy APIs that integrate with the identity management infrastructure. This can be achieved through web development frameworks, cloud services, or by manipulating existing identity APIs. This aligns with the MITRE ATT&CK technique T1102 (Web Service).
Other:
This element can be combined with deceptive network configurations or fake documentation to lure attackers towards the deceptive APIs.
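A minimal sketch of such a decoy, added here as an illustration and not taken from the Engage material: a standard-library Python service that imitates a token endpoint and a user-listing endpoint, records each interaction as one JSON line, and returns plausible but empty or failing replies. The route names, the logged field names and the listening address are assumptions chosen for the example.

```python
import hashlib, json, time
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs

# Hypothetical decoy routes; no real identity service sits behind them.
DECOY_ROUTES = {("POST", "/oauth2/token"), ("GET", "/scim/v2/Users")}

def handle_decoy_request(method, path, headers, body, source_ip):
    """Return (status, reply_dict, log_record) for one request to the decoy."""
    form = parse_qs(body.decode("utf-8", "replace"))
    secret = (form.get("password") or form.get("client_secret") or [""])[0]
    record = {
        "ts": time.time(), "src": source_ip, "method": method, "path": path,
        "user_agent": headers.get("User-Agent", ""),
        "principal": (form.get("username") or form.get("client_id") or [""])[0],
        # Keep a digest, not the secret: a legitimate user may hit the decoy by mistake.
        "secret_sha256": hashlib.sha256(secret.encode()).hexdigest() if secret else None,
        "known_route": (method, path) in DECOY_ROUTES,
    }
    if (method, path) == ("POST", "/oauth2/token"):
        # Misleading but plausible reply: always a failed login, never a token.
        return 401, {"error": "invalid_grant"}, record
    if (method, path) == ("GET", "/scim/v2/Users"):
        return 200, {"totalResults": 0, "Resources": []}, record
    return 404, {"error": "not_found"}, record

class DecoyHandler(BaseHTTPRequestHandler):
    def _serve(self):
        # Bound the body size so the decoy cannot be used to exhaust memory.
        length = max(0, min(int(self.headers.get("Content-Length") or 0), 65536))
        body = self.rfile.read(length) if length else b""
        status, reply, record = handle_decoy_request(
            self.command, self.path, self.headers, body, self.client_address[0])
        print(json.dumps(record), flush=True)  # one JSON line per interaction
        payload = json.dumps(reply).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)
    do_GET = do_POST = _serve

    def log_message(self, *args):  # suppress the default stderr access log
        pass

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), DecoyHandler).serve_forever()
```

Because nothing legitimate should ever call the decoy, every emitted record is a candidate alert; forwarding the JSON lines to the existing log pipeline is enough to act on them.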