Rogue FTP/SFTP Server

Engage Goals: EGO0001 Expose, EGO0003 Elicit

Engage Approach: EAP0001 Collect, EAP0002 Detect

Engage Actions: EAC0018 Security Controls

Name of Element: Rogue FTP/SFTP Server

Description of Element:

This element involves setting up a fake file transfer server (FTP or SFTP) that mimics a legitimate one but captures the credentials attackers submit and the files they transfer, and logs their activity.

Technical Context:

Placement: Within the organization’s DMZ or internal network, depending on the target audience.

This element can be combined with deceptive network configurations to make it appear more accessible or vulnerable.
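
A sketch of the credential-capture part of this element, added here as an illustration and not taken from the original page: a decoy FTP control channel that logs every login attempt and command as JSON and always rejects the login. The class name, banner text, loopback bind and port 2121 are assumptions; file capture and SFTP are outside what this block covers.

```python
import asyncio, json, time
BANNER = "220 FTP server ready"  # constructed banner (assumption)

class FtpDecoySession:
    """One decoy FTP control connection: records input, never authenticates."""
    def __init__(self, peer, sink):
        self.peer, self.sink, self.user = peer, sink, None

    def log(self, event, **fields):
        # json.dumps escapes CR/LF, so client input cannot forge extra log lines.
        self.sink(json.dumps(dict(ts=time.time(), peer=self.peer, event=event, **fields)))

    def handle(self, line):
        """Return (reply, close_connection) for one client command line."""
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "USER":
            self.user = arg
            return "331 Password required", False
        if verb == "PASS":
            self.log("login_attempt", user=self.user, password=arg)
            return "530 Login incorrect", False
        if verb == "QUIT":
            return "221 Goodbye", True
        self.log("command", verb=verb, arg=arg)
        return "530 Please login with USER and PASS", False

async def serve_client(reader, writer):
    session = FtpDecoySession(writer.get_extra_info("peername")[0], print)
    session.log("connect")
    writer.write((BANNER + "\r\n").encode())
    try:
        while (raw := await asyncio.wait_for(reader.readline(), timeout=30)):
            reply, close = session.handle(raw.decode("latin-1"))
            writer.write((reply + "\r\n").encode())
            await writer.drain()
            if close:
                break
    except (asyncio.TimeoutError, ValueError, ConnectionError):
        pass  # idle client, line longer than the 1024-byte limit, or reset
    finally:
        writer.close()

async def main(host="127.0.0.1", port=2121):  # lab defaults (assumption)
    server = await asyncio.start_server(serve_client, host, port, limit=1024)
    await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

The log records contain submitted passwords, so the sink they are written to should be handled as sensitive data.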

Other:

ATT&CK/Engage mapping: T1041 Exfiltration Over C2 Channel / E1501 Honeytrap
