Deceive, Detect, Engage

Azure Key Vault Honeytoken

Create a fake Azure Key Vault instance containing decoy secrets and keys. Monitor access to this vault to detect attempts to steal sensitive information.

Engage Goals: EGO0003 Elicit

Engage Approach: EAP0001 Collect

Engage Actions: EAC0015 Information Manipulation, EAC0018 Security Controls

Name of Element: Azure Key Vault Honeytoken

Description of Element:

Create a fake Azure Key Vault instance containing decoy secrets and keys. Monitor access to this vault to detect attempts to steal sensitive information.

Technical Context:

Placement: Within a resource group alongside legitimate Azure services.

Requires knowledge of Azure Key Vault configuration and access control mechanisms.

Other:

Att&ck/Engage Mapping: T1528 Steal or Forge Kerberos Tickets, E1501 Honeytrap

Azure Key Vault Honeytoken

Leave a Reply Cancel reply

ORION Detlab: Forging Resilient Detections in the HEFAISTOS Ecosystem

The Maieutic Engine: Birth of a New Detection Engineering Paradigm

The Forge, The Guide, and The Hunter: Unifying Detection Engineering with the Mythological Triad of HEFAISTOS, KEDALION, and ORION

Dendrite: Bridging the Synaptic Gap Between External Intelligence and Internal Defense