Deceive, Detect, Engage

Deceptive NTP Server

This element involves setting up a fake NTP server that responds to requests with incorrect time values, potentially disrupting attacker scripts or malware that rely on accurate time.

Engage Goals: EGO0002 Affect

Engage Approach: EAP0005 Disrupt

Engage Actions: EAC0016 Network Manipulation

Name of Element: Deceptive NTP Server

Description of Element:

This element involves setting up a fake NTP server that responds to requests with incorrect time values, potentially disrupting attacker scripts or malware that rely on accurate time.

Technical Context:

Placement: Within the organization’s internal network or DMZ.

This element requires careful consideration to avoid disrupting legitimate services that rely on NTP.

Other:

Att&ck/Engage mapping: T1053 Scheduled Task/Job / E1506 Decoy System

Deceptive NTP Server

Leave a Reply Cancel reply

ORION Detlab: Forging Resilient Detections in the HEFAISTOS Ecosystem

The Maieutic Engine: Birth of a New Detection Engineering Paradigm

The Forge, The Guide, and The Hunter: Unifying Detection Engineering with the Mythological Triad of HEFAISTOS, KEDALION, and ORION

Dendrite: Bridging the Synaptic Gap Between External Intelligence and Internal Defense