Fake Windows System Files

Engage Goals: EGO0001 Expose, EGO0003 Elicit

Engage Approach: EAP0001 Collect, EAP0002 Detect

Engage Actions: EAC0015 Information Manipulation, EAC0018 Security Controls

Name of Element: Fake Windows System Files

Description of Element:

Goal: To identify attackers attempting to access or modify sensitive system files.

Approach: Monitoring access to the fake system files and analyzing attacker behavior.

This element involves creating fake system files that mimic legitimate files but contain misleading or deceptive information.

Attackers who attempt to access or modify the fake system files will be identified and their actions will be logged. This information can be used to improve defenses and make it more difficult for attackers to gather information about the system or modify its configuration.

Technical Context:

This element can be combined with other deceptive elements, such as deceptive registry keys or deceptive network configurations, to enhance its effectiveness. It aligns with the MITRE ATT&CK technique T1083 (File and Directory Discovery).

Other:

This element requires careful planning and execution to ensure that it does not interfere with the normal operation of the system.
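
One way to deploy and monitor such a decoy, as an added example that is not part of the original element description: it plants an inert file outside the real system directories, audits access to it, and reports who touched it. The path, file name and the `Get-DecoyAccess` helper are hypothetical, and the script assumes an elevated session on an English-language Windows host.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original page). Path and file name are hypothetical.
$DecoyPath = 'C:\ProgramData\SysBackup\SAM.bak'

# 1. Plant the decoy away from real system directories, with inert content,
#    so normal operation of the host is not affected.
New-Item -ItemType Directory -Path (Split-Path $DecoyPath) -Force | Out-Null
Set-Content -Path $DecoyPath -Value 'decoy file: contains no real data' -Encoding ASCII

# 2. Enable the "File System" audit subcategory (English name), which is
#    required before Security event 4663 is written for audited files.
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# 3. Add an audit (SACL) entry: record reads, writes, deletes and permission
#    changes by any principal (S-1-1-0 = Everyone), on success and failure.
$everyone = [System.Security.Principal.SecurityIdentifier]'S-1-1-0'
$rights   = [System.Security.AccessControl.FileSystemRights]'ReadData, WriteData, AppendData, Delete, ChangePermissions'
$flags    = [System.Security.AccessControl.AuditFlags]'Success, Failure'
$acl = Get-Acl -Path $DecoyPath -Audit
$acl.AddAuditRule([System.Security.AccessControl.FileSystemAuditRule]::new($everyone, $rights, $flags))
Set-Acl -Path $DecoyPath -AclObject $acl

# 4. Report every audited access to the decoy: when, which account, which process.
function Get-DecoyAccess {
    param([string]$Path = $DecoyPath, [int]$MaxEvents = 2000)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } `
                 -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $evt  = $_
            $data = @{}
            # Flatten the event's <EventData> name/value pairs into a hashtable.
            foreach ($n in ([xml]$evt.ToXml()).Event.EventData.Data) {
                $data[$n.Name] = $n.'#text'
            }
            if ($data['ObjectName'] -eq $Path) {
                [pscustomobject]@{
                    Time       = $evt.TimeCreated
                    Account    = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
                    Process    = $data['ProcessName']
                    AccessMask = $data['AccessMask']
                }
            }
        }
}

Get-DecoyAccess | Sort-Object Time | Format-Table -AutoSize
```

Backup agents, antivirus scanners and search indexers also open files, so baseline their process names before treating a hit on the decoy as attacker activity.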