Fake System Call Table

Goal: To identify and mislead attackers attempting to hijack system calls for malicious purposes.

Approach: Monitoring system call activity and providing deceptive responses. This element involves manipulating the System Call Table to redirect specific calls to deceptive functions.

By redirecting system calls, this element can disrupt attacker tools, gather information about their activities, or lead them to controlled environments.
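As an added illustration (not part of the original element description, and not kernel code), the following Python model shows the design the element describes in user space: a dispatch table whose selected entries are redirected to deceptive handlers that record the caller and return plausible results, plus an integrity audit that reports any entry changed by someone other than the defender. The syscall numbers, the `/opt/decoy/` path prefix and the return values are constructed for the model; a real deployment would operate on the kernel's own table and compare entries against known-good symbol addresses.

```python
"""User-space model of a deceptive system call table (constructed example).

Nothing here touches a real kernel. It models the design described above:
a dispatch table whose selected entries are redirected to deceptive
handlers that log the caller and return plausible results, plus an
integrity audit that reports entries changed by anyone other than the
defender.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Constructed syscall numbers for the model; real numbers depend on the architecture.
SYS_OPENAT, SYS_INIT_MODULE, SYS_PTRACE = 257, 175, 101
ENOENT = 2
DECOY_DIR = "/opt/decoy/"          # assumed path prefix of planted decoy files

Handler = Callable[["SyscallTable", int, tuple], int]   # (table, caller pid, args) -> rc


@dataclass
class SyscallTable:
    entries: Dict[int, Handler]
    names: Dict[int, str]
    baseline: Dict[int, Handler] = field(default_factory=dict)   # what the defender installed
    log: List[Tuple[int, str, tuple, int]] = field(default_factory=list)

    def snapshot(self) -> None:
        """Record the current entries as the legitimate table (the analogue of
        saving each handler's address before any hooking is done)."""
        self.baseline = dict(self.entries)

    def redirect(self, nr: int, decoy: Handler) -> None:
        """Defender-installed redirect; the baseline is updated so the audit
        does not flag it."""
        self.entries[nr] = decoy
        self.baseline[nr] = decoy

    def audit(self) -> List[str]:
        """Names of entries whose handler is not the one the defender installed,
        i.e. the table was hooked by someone else."""
        return [self.names[nr] for nr, h in self.entries.items()
                if self.baseline.get(nr) is not h]

    def record(self, pid: int, nr: int, args: tuple, rc: int) -> None:
        self.log.append((pid, self.names[nr], args, rc))

    def dispatch(self, nr: int, pid: int, *args) -> int:
        return self.entries[nr](self, pid, args)


# Stand-ins for the kernel's own implementations.
def real_openat(t, pid, args):
    return 3 if args[0].startswith("/etc/") else -ENOENT

def real_init_module(t, pid, args):
    return 0                                # would really load the module

def real_ptrace(t, pid, args):
    return 0


# Deceptive handlers: plausible results, and the attempt is recorded.
def decoy_init_module(t, pid, args):
    rc = 0                                  # claim success; nothing is loaded
    t.record(pid, SYS_INIT_MODULE, args, rc)
    return rc

def decoy_openat(t, pid, args):
    if args[0].startswith(DECOY_DIR):
        rc = 7                              # fake descriptor for a decoy file
        t.record(pid, SYS_OPENAT, args, rc)
        return rc
    return real_openat(t, pid, args)        # ordinary paths are untouched


def build_table() -> SyscallTable:
    t = SyscallTable(
        entries={SYS_OPENAT: real_openat, SYS_INIT_MODULE: real_init_module,
                 SYS_PTRACE: real_ptrace},
        names={SYS_OPENAT: "openat", SYS_INIT_MODULE: "init_module",
               SYS_PTRACE: "ptrace"},
    )
    t.snapshot()
    t.redirect(SYS_INIT_MODULE, decoy_init_module)
    t.redirect(SYS_OPENAT, decoy_openat)
    return t


def demo() -> SyscallTable:
    t = build_table()
    t.dispatch(SYS_OPENAT, 4242, "/etc/hosts")                # normal, not logged
    t.dispatch(SYS_INIT_MODULE, 4242, "suspicious.ko")        # deceived and logged
    t.dispatch(SYS_OPENAT, 4242, DECOY_DIR + "creds.txt")     # deceived and logged
    # Simulate an unauthorized change to an entry, which the audit should report.
    t.entries[SYS_PTRACE] = lambda t, pid, args: -1
    return t


if __name__ == "__main__":
    t = demo()
    for pid, name, args, rc in t.log:
        print(f"pid {pid} called {name}{args} -> {rc}")
    print("hooked entries:", t.audit())
```

The two pieces a defender needs are visible here: `record` produces the evidence that the Expose and Elicit goals call for (who called what, with which arguments, and what they were told), and `audit` catches the case where the table is changed again behind the defender's back, which is the signal that a third party is hooking system calls.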

Engage Goals: EGO0001 Expose, EGO0003 Elicit

Engage Approach: EAP0001 Collect, EAP0002 Detect

Engage Actions: EAC0014 Software Manipulation, EAC0015 Information Manipulation

Technical Context:

This element requires advanced knowledge of operating system internals and rootkit techniques. It aligns with the MITRE ATT&CK technique T1014 (Rootkit).

Other:

This element should be used with extreme caution due to the potential for system instability.
