Engage Goals: EGO0001 Expose, EGO0003 Elicit
Engage Approach: EAP0001 Collect, EAP0002 Detect
Engage Actions: EAC0015 Information Manipulation, EAC0018 Security Controls
Name of Element: Encrypted File Server Honeytrap
Description of Element:
This element is a decoy file server that appears to contain sensitive data but is in fact filled with fabricated information. The server is encrypted and requires specific credentials to access, which makes it seem even more enticing to attackers. Any attempt to access or interact with this server triggers an alert, signaling a potential breach.
Technical Context:
Placement: Within the organization’s internal network, alongside other critical servers.
This element reinforces the principle of least privilege and continuous authorization, as only authorized users should have the necessary credentials to access such a server.
Other:
ATT&CK/Engage Mapping: Defense Evasion (T1069)/Discovery (T1083)/Honeytrap (E1501)/Decoy Content (E1504)
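
Alerting logic for a decoy like this one, as an added example that is not part of the original element description: since any interaction with the server is meant to raise an alert, every event addressed to it is reported, grouped by source and ranked by how far the interaction got. The host name, log fields, action names and sample events are constructed assumptions.

```python
import json
from collections import defaultdict

DECOY_HOST = "fs-decoy-01.example.internal"  # hypothetical decoy server name

# Severity grows with how far the interaction with the decoy progressed (assumed stages).
SEVERITY = {"connect": 1, "auth_failure": 2, "auth_success": 3, "file_read": 4}

# Constructed sample events (JSON lines) from a hypothetical file-access log.
SAMPLE_LOG = """\
{"ts": "2024-05-01T02:11:04Z", "dst": "fs-prod-07.example.internal", "src": "10.0.4.21", "action": "file_read", "user": "alice"}
{"ts": "2024-05-01T02:13:40Z", "dst": "fs-decoy-01.example.internal", "src": "10.0.9.50", "action": "connect"}
{"ts": "2024-05-01T02:13:55Z", "dst": "fs-decoy-01.example.internal", "src": "10.0.9.50", "action": "auth_failure", "user": "svc_backup"}
{"ts": "2024-05-01T02:14:10Z", "dst": "fs-decoy-01.example.internal", "src": "10.0.9.50", "action": "auth_success", "user": "svc_backup"}
{"ts": "2024-05-01T02:14:31Z", "dst": "fs-decoy-01.example.internal", "src": "10.0.9.50", "action": "file_read", "user": "svc_backup", "path": "/finance/payroll_2024.xlsx"}
{"ts": "2024-05-01T03:02:00Z", "dst": "fs-decoy-01.example.internal", "src": "10.0.4.33", "action": "connect"}
<<truncated record
"""

def decoy_alerts(log_text, decoy_host=DECOY_HOST):
    """Return one alert per source address that touched the decoy, worst first."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the run
        if isinstance(ev, dict) and ev.get("dst") == decoy_host:
            by_src[ev.get("src", "unknown")].append(ev)
    alerts = []
    for src, events in by_src.items():
        worst = max(events, key=lambda e: SEVERITY.get(e.get("action"), 1))
        alerts.append({
            "src": src,
            "first_seen": min(e.get("ts", "") for e in events),
            "events": len(events),
            "stage": worst.get("action"),
            "severity": SEVERITY.get(worst.get("action"), 1),
            "users": sorted({e["user"] for e in events if e.get("user")}),
        })
    return sorted(alerts, key=lambda a: -a["severity"])

if __name__ == "__main__":
    for alert in decoy_alerts(SAMPLE_LOG):
        print(alert)
```

No allow-list is applied: there is no expected traffic to a decoy, so even the single connection from 10.0.4.33 is reported, only at lower severity than the source that authenticated and read a file.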