Engage Goals: EGO0001 Expose, EGO0003 Elicit
Engage Approach: EAP0004 Direct, EAP0005 Disrupt
Engage Actions: EAC0015 Information Manipulation, EAC0018 Security Controls
Name of Element: Deceptive Kerberos Server
Description of Element:
Goal: To gather information about attackers attempting to exploit Kerberos vulnerabilities and detect their presence.
Approach: Monitoring access to the deceptive Kerberos server and analyzing attacker behavior.
Attackers who attempt to use the fake Kerberos server for authentication or ticket manipulation will be misled, and their actions will be logged.
Technical Context:
This element can be combined with other deceptive elements, such as fake accounts or deceptive network configurations, to enhance its effectiveness. It aligns with the MITRE ATT&CK sub-technique T1558.003 (Steal or Forge Kerberos Tickets: Kerberoasting).
Other:
This element involves setting up a fake Kerberos server that mimics a legitimate service but responds in unexpected ways or introduces delays.
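The monitoring approach described in this entry, as an added example that is not part of the original entry: it triages the request log of a decoy Kerberos server by source address, treating every contact as suspicious and labelling bursts of RC4 service-ticket requests as a Kerberoasting pattern. The log line format, the thresholds, and all addresses and principal names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of a decoy KDC request log (the format is an assumption).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z src=10.0.5.23 msg=AS-REQ cname=jsmith sname=krbtgt/CORP.EXAMPLE etypes=18,17
2024-05-01T10:00:04Z src=10.0.5.23 msg=TGS-REQ cname=jsmith sname=MSSQLSvc/db01.corp.example:1433 etypes=23
2024-05-01T10:00:04Z src=10.0.5.23 msg=TGS-REQ cname=jsmith sname=HTTP/intranet.corp.example etypes=23
2024-05-01T10:00:05Z src=10.0.5.23 msg=TGS-REQ cname=jsmith sname=CIFS/files01.corp.example etypes=23
2024-05-01T10:07:30Z src=10.0.9.80 msg=AS-REQ cname=admin sname=krbtgt/CORP.EXAMPLE etypes=18
2024-05-01T10:07:31Z src=10.0.9.80 msg=AS-REQ cname=administrator sname=krbtgt/CORP.EXAMPLE etypes=18
2024-05-01T10:07:31Z src=10.0.9.80 msg=AS-REQ cname=backup sname=krbtgt/CORP.EXAMPLE etypes=18
2024-05-01T11:15:00Z src=10.0.7.14 msg=AS-REQ cname=mlee sname=krbtgt/CORP.EXAMPLE etypes=18,17
garbage line that the parser must skip
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) msg=(?P<msg>AS-REQ|TGS-REQ) "
    r"cname=(?P<cname>\S+) sname=(?P<sname>\S+) etypes=(?P<etypes>\d+(?:,\d+)*)$")
RC4_HMAC = 23        # Kerberos etype 23 (rc4-hmac)
SPN_THRESHOLD = 3    # assumed: distinct SPNs requested with RC4 per source
USER_THRESHOLD = 3   # assumed: distinct client names tried per source

def classify(log_text):
    """Group decoy KDC requests by source and label the observed behaviour."""
    per_src = defaultdict(lambda: {"rc4_spns": set(), "users": set(), "count": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed lines are skipped, not fatal
        s = per_src[m["src"]]
        s["count"] += 1
        if m["msg"] == "TGS-REQ":
            if RC4_HMAC in {int(e) for e in m["etypes"].split(",")}:
                s["rc4_spns"].add(m["sname"])
        else:
            s["users"].add(m["cname"])
    report = {}
    for src, s in per_src.items():
        if len(s["rc4_spns"]) >= SPN_THRESHOLD:
            label = "kerberoasting-pattern (T1558.003)"
        elif len(s["users"]) >= USER_THRESHOLD:
            label = "account-enumeration"
        else:
            label = "decoy-contact"  # any contact with the decoy is still reportable
        report[src] = {"label": label, "requests": s["count"]}
    return report

if __name__ == "__main__":
    for src, info in sorted(classify(SAMPLE_LOG).items()):
        print(src, info)
```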