Engage Goals: EGO0001 Expose, EGO0002 Affect
Engage Approach: EAP0002 Detect
Engage Actions: EAC0018 Security Controls
Name of Element: Fake SMB Share
Description of Element:
This element involves setting up a fake SMB server that mimics a legitimate one but triggers alerts upon access or delivers deceptive payloads.
Technical Context:
Placement: Within the organization’s internal network, alongside other file servers.
This element can be combined with deceptive file permissions or honeyfiles to further entice attackers.
Other:
Att&ck/Engage mapping: T1083 File and Directory Discovery / E1506 Decoy System