Deceptive Linux Shell Commands

Goal: To identify attackers attempting to execute unauthorized shell commands.

Approach: Monitor command execution and analyze attacker behavior. This element places deceptive shell commands on the system that mimic legitimate commands but return misleading information, trigger an alert, or both.

Attackers who run the deceptive commands are identified and their actions logged. This record can be used to improve defenses and to make it harder for attackers to interact with the system.
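The following script is an added example of the mechanism described above; it is not code from the original page. It installs a decoy wrapper that shadows a real command through PATH, appends one JSON line per invocation to a log file (for a SIEM or a detection rule), raises a syslog alert when logger(1) is available, and prints plausible but fake output instead of running the real binary. The function names decoy_install, decoy_alert_count and decoy_demo, the DECOY_LOG environment variable and the fake interface values are all assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original page): decoy shell commands that log
# the attacker's invocation and return misleading output.
# Assumed names: decoy_install, decoy_alert_count, decoy_demo, $DECOY_LOG.

# decoy_install DIR NAME: write an executable decoy called NAME into DIR.
# DIR is meant to sit before the real binary's directory in PATH.
decoy_install() {
  dir=$1; name=$2
  mkdir -p "$dir"
  cat > "$dir/$name" <<'EOF'
#!/bin/sh
# Decoy wrapper written by decoy_install (example code, not from the page).
# It never runs the real binary: it records who invoked it, how and from
# where, raises a syslog alert when logger(1) is present, and prints
# plausible but fake output so the session looks normal to the intruder.
LOG=${DECOY_LOG:-/var/log/decoy-shell.log}
NAME=$(basename "$0")
TS=$(date -u +%Y-%m-%dT%H:%M:%SZ)
WHO=${SUDO_USER:-${USER:-$(id -un)}}
ORIGIN=${SSH_CONNECTION%% *}               # client IP when reached over SSH
# Join the arguments and escape backslashes and quotes so the JSON stays valid.
ARGS=$(printf '%s ' "$@" | sed 's/\\/\\\\/g; s/"/\\"/g')
ARGS=${ARGS% }
printf '{"ts":"%s","event":"decoy_command","cmd":"%s","args":"%s","user":"%s","origin":"%s","ppid":%s}\n' \
  "$TS" "$NAME" "$ARGS" "$WHO" "${ORIGIN:-local}" "$PPID" >> "$LOG"
command -v logger >/dev/null 2>&1 && \
  logger -t decoy-shell "cmd=$NAME user=$WHO origin=${ORIGIN:-local}" 2>/dev/null || true
# Misleading output per decoy: a constructed, fake network configuration for
# ifconfig; every other decoy pretends the caller lacks permission.
case "$NAME" in
  ifconfig) cat <<'FAKE'
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.23  netmask 255.255.255.0  broadcast 10.0.0.255
        ether 02:42:0a:00:00:17  txqueuelen 1000  (Ethernet)
FAKE
    ;;
  *) printf '%s: Permission denied\n' "$NAME" >&2 ;;
esac
exit 0
EOF
  chmod 0755 "$dir/$name"
}

# decoy_alert_count NAME: number of logged invocations of decoy NAME, the
# kind of count a detection rule would alert on (any value above 0).
decoy_alert_count() {
  log=${DECOY_LOG:-/var/log/decoy-shell.log}
  if [ ! -f "$log" ]; then echo 0; return 0; fi
  grep -cF -- "\"event\":\"decoy_command\",\"cmd\":\"$1\"" "$log" || true
}

# decoy_demo: install a decoy ifconfig in a temporary directory, invoke it
# the way an intruder would, then show the resulting log record.
decoy_demo() {
  tmp=$(mktemp -d)
  DECOY_LOG="$tmp/decoy.log"; export DECOY_LOG
  decoy_install "$tmp/bin" ifconfig
  PATH="$tmp/bin:$PATH" ifconfig -a        # what the intruder sees
  echo "--- decoy log ---"; cat "$DECOY_LOG"
  echo "alerts for ifconfig: $(decoy_alert_count ifconfig)"
}

# Run the demonstration only when asked: DECOY_DEMO=1 sh decoy.sh
if [ "${DECOY_DEMO:-0}" = 1 ]; then decoy_demo; fi
```

The wrapper is written with a quoted heredoc so nothing is expanded at install time; the log path is read from DECOY_LOG when the decoy runs, which is what lets one installer serve many decoys. Before shadowing a command this way, confirm that no scheduled job, monitoring agent or administrator workflow on the host relies on it, because the decoy replaces the real command for every caller whose PATH reaches the decoy directory first.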

Engage Goals: EGO0001 Expose, EGO0003 Elicit

Engage Approach: EAP0001 Collect, EAP0002 Detect

Engage Actions: EAC0015 Information Manipulation, EAC0018 Security Controls

Technical Context:

This element can be combined with other deceptive elements, such as fake system files or deceptive configuration files, to enhance its effectiveness. It aligns with the MITRE ATT&CK technique T1059.004 (Command and Scripting Interpreter: Unix Shell).

Other:

This element requires a deep understanding of the Linux shell, and careful planning and execution, so that it does not interfere with the normal operation of the system.
