Deceptive SSH Server

Goal: To identify and gather information about attackers attempting to brute force SSH credentials.

Approach: Monitoring connections to the deceptive SSH server and analyzing attacker behavior.

Attackers who attempt to log in to the deceptive SSH server will have their credentials captured, and their activities will be logged. This information can be used to improve defenses and identify potential threats.

Engage Goals: EGO0001 Expose, EGO0003 Elicit

Engage Approach: EAP0001 Collect, EAP0002 Detect

Engage Actions: EAC0015 Information Manipulation, EAC0018 Security Controls


Technical Context:

This element involves setting up a fake SSH server that mimics a legitimate server but captures login attempts and delays responses.

This element can be combined with other deceptive elements, such as fake accounts or deceptive network configurations, to enhance its effectiveness. It aligns with the MITRE ATT&CK technique T1110 (Brute Force).
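The two halves of the element described above, capturing and analysing login attempts and slowing the attacker down, can be illustrated with a small log-analysis routine. The following is an added example and not code from this page or from any particular honeypot project; it assumes a constructed log format (one JSON object per captured attempt, with `ts`, `src`, `user`, `password` and `result` fields) and a hypothetical `response_delay` policy for the delayed responses the Technical Context mentions. The SSH protocol handling itself (the listener that actually records the attempts) is outside the snippet.

```python
"""Analysis of credential-capture logs from a deceptive SSH server.

Added example. The log format is an assumption (one JSON object per line);
the sample lines below are constructed and do not describe real traffic.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (documentation-range addresses, invented passwords).
SAMPLE_LOG = """\
{"ts": "2024-05-01T10:00:00", "src": "198.51.100.7", "user": "root", "password": "123456", "result": "failed"}
{"ts": "2024-05-01T10:00:01", "src": "198.51.100.7", "user": "root", "password": "password", "result": "failed"}
{"ts": "2024-05-01T10:00:02", "src": "198.51.100.7", "user": "admin", "password": "admin", "result": "failed"}
{"ts": "2024-05-01T10:00:03", "src": "198.51.100.7", "user": "root", "password": "toor", "result": "failed"}
{"ts": "2024-05-01T10:00:04", "src": "198.51.100.7", "user": "root", "password": "root", "result": "failed"}
{"ts": "2024-05-01T10:05:00", "src": "203.0.113.9", "user": "deploy", "password": "Spring2024!", "result": "failed"}
{"ts": "2024-05-01T10:20:00", "src": "203.0.113.9", "user": "deploy", "password": "Spring2024!", "result": "failed"}
"""


def parse_log(text):
    """Parse one JSON record per line into dicts with a datetime timestamp."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        events.append(rec)
    return events


def captured_credentials(events):
    """Distinct (username, password) pairs tried against the deceptive server,
    grouped by source address; this is the intelligence the honeypot yields."""
    creds = defaultdict(set)
    for ev in events:
        creds[ev["src"]].add((ev["user"], ev["password"]))
    return {src: sorted(pairs) for src, pairs in creds.items()}


def find_brute_force(events, threshold=5, window=timedelta(minutes=1)):
    """Flag sources with at least `threshold` attempts inside any sliding
    window of length `window` (a burst, as opposed to a single stray login)."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)
    flagged = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Advance the window start until all events in [start, end] fit.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[src] = {
                    "attempts": len(evs),
                    "usernames": sorted({e["user"] for e in evs}),
                    "first_seen": evs[0]["ts"].isoformat(),
                    "last_seen": evs[-1]["ts"].isoformat(),
                }
                break
    return flagged


def response_delay(failed_attempts, base=2.0, cap=30.0):
    """Hypothetical tarpit policy: the delay before answering a login attempt
    doubles with each failure from the same source, up to `cap` seconds, so a
    brute-force run is slowed without the server ever granting access."""
    return min(base * (2 ** failed_attempts), cap)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for src, info in find_brute_force(evs).items():
        print(f"brute force from {src}: {info}")
    for src, pairs in captured_credentials(evs).items():
        print(f"{src} tried {len(pairs)} distinct credential pair(s)")
```

The sliding-window check separates a burst of attempts (the 198.51.100.7 source, five attempts in four seconds) from a slow, repeated probe with a single plausible credential (203.0.113.9), which a plain per-source count would treat the same way; the captured username/password pairs are what feed back into defensive work such as checking whether any real account uses them.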

Other:

This element requires careful configuration to avoid interfering with legitimate SSH connections.
