Deceptive Exception Handling

Goal: To identify attackers attempting to exploit vulnerabilities or gain information through exception handling mechanisms.

Approach: Monitoring exception handling routines and providing deceptive responses. This element involves modifying exception handling routines to provide misleading information or redirect execution flow.

By manipulating exception handling, this element can disrupt attacker tools, gather information about their activities, or conceal sensitive data.

Engage Goals: EGO0001 Expose, EGO0003 Elicit

Engage Approach: EAP0001 Collect, EAP0002 Detect

Engage Actions: EAC0014 Software Manipulation, EAC0015 Information Manipulation

Name of Element: Deceptive Exception Handling

Technical Context:

This element requires a deep understanding of exception handling mechanisms and software debugging techniques. It aligns with the MITRE ATT&CK technique T1055 (Process Injection).

Other:

This element should be used with caution to avoid unintended side effects on legitimate applications.
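An added example, not part of the original page or of any MITRE Engage material: a minimal Python wrapper for the approach described above, in which the real exception is recorded for defenders and the caller receives a decoy message. `DeceptiveHandler`, `lookup_account`, the decoy text, the threshold and the sample inputs are all constructed for illustration.

```python
import traceback
import uuid
from dataclasses import dataclass, field

# Constructed decoy text; it describes no real component of the application.
DECOY_BODY = "Error 1042: upstream cache timeout, retry later"


@dataclass
class DeceptiveHandler:
    """Hypothetical wrapper: record the real exception, answer with a decoy."""
    threshold: int = 3                      # errors per source before flagging
    events: list = field(default_factory=list)
    counts: dict = field(default_factory=dict)

    def call(self, func, source, request):
        try:
            return 200, func(request)       # legitimate path is left untouched
        except Exception as exc:
            event = {
                "id": uuid.uuid4().hex[:8],
                "source": source,
                "request": request,
                "real_error": repr(exc),    # kept for defenders only
                "trace": traceback.format_exc(),
            }
            self.events.append(event)
            self.counts[source] = self.counts.get(source, 0) + 1
            # The caller sees the decoy plus a reference id for correlation.
            return 500, f"{DECOY_BODY} (ref {event['id']})"

    def suspicious_sources(self):
        """Sources whose requests raised at least `threshold` exceptions."""
        return sorted(s for s, n in self.counts.items() if n >= self.threshold)


def lookup_account(request):
    """Constructed application routine whose raw errors would leak internals."""
    accounts = {1: "alice", 2: "bob"}
    return accounts[int(request)]           # ValueError or KeyError on bad input


if __name__ == "__main__":
    handler = DeceptiveHandler()
    for probe in ("not-a-number", "999", "-1"):   # constructed malformed inputs
        print(handler.call(lookup_account, "203.0.113.7", probe))
    print(handler.call(lookup_account, "198.51.100.4", "2"))
    print(handler.suspicious_sources())
```

Because the decoy is produced only on the failure path and the true error is still stored, operators can debug legitimate faults from the recorded events using the reference id.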
