Azure Active Directory (AD) Decoy User Accounts

Engage Goals: EGO0001 Expose

Engage Approach: EAP0002 Detect

Engage Actions: EAC0012 Personas, EAC0018 Security Controls

Name of Element: Azure Active Directory (AD) Decoy User Accounts

Description of Element:

Create fake user accounts within Azure AD with enticing names or roles (e.g., “admin,” “backup_admin”). Monitor login attempts and activity related to these accounts to identify credential stuffing or brute-force attacks.

Technical Context:

Placement: Integrate these accounts within the organization’s Azure AD structure.

Requires understanding of Azure AD user management and security best practices.
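
One way to act on the monitoring step described above, as an added example that is not part of the original entry: it triages sign-in records that touch decoy accounts and labels each source IP by pattern. The decoy UPNs, the sample records and the thresholds are assumptions; the field names follow the Microsoft Graph signIn resource.

```python
from collections import defaultdict

# Hypothetical decoy UPNs (assumption); use the tenant's own naming scheme.
DECOYS = {"admin@contoso.example", "backup_admin@contoso.example"}

def rec(ts, upn, ip, code):
    # errorCode 0 = success; 50126 = invalid username or password.
    return {"createdDateTime": ts, "userPrincipalName": upn,
            "ipAddress": ip, "status": {"errorCode": code}}

# Constructed sample sign-ins (documentation IP ranges, invented users).
SAMPLE = [
    rec("2024-05-01T02:00:01Z", "alice@contoso.example", "203.0.113.10", 50126),
    rec("2024-05-01T02:00:02Z", "bob@contoso.example", "203.0.113.10", 50126),
    rec("2024-05-01T02:00:03Z", "Admin@contoso.example", "203.0.113.10", 50126),
    rec("2024-05-01T02:00:04Z", "carol@contoso.example", "203.0.113.10", 50126),
    rec("2024-05-01T03:10:00Z", "backup_admin@contoso.example", "198.51.100.7", 50126),
    rec("2024-05-01T03:10:05Z", "backup_admin@contoso.example", "198.51.100.7", 50126),
    rec("2024-05-01T03:10:09Z", "backup_admin@contoso.example", "198.51.100.7", 50126),
    rec("2024-05-01T08:30:00Z", "alice@contoso.example", "192.0.2.44", 0),
]

def triage(signins, decoys=DECOYS, brute_min=3, spread_min=3):
    """Return one alert per source IP that attempted a decoy account."""
    decoy_hits = defaultdict(list)   # ip -> attempts against decoy accounts
    tried = defaultdict(set)         # ip -> every account that IP attempted
    for r in signins:
        upn = r["userPrincipalName"].lower()   # UPNs are case-insensitive
        tried[r["ipAddress"]].add(upn)
        if upn in decoys:
            decoy_hits[r["ipAddress"]].append(r)
    alerts = []
    for ip, hits in sorted(decoy_hits.items()):
        if any(h["status"]["errorCode"] == 0 for h in hits):
            pattern = "decoy-login-succeeded"      # decoy password is known
        elif len(tried[ip]) >= spread_min:
            pattern = "credential-stuffing"        # many accounts, one source
        elif len(hits) >= brute_min:
            pattern = "brute-force"                # one account, many tries
        else:
            pattern = "probe"
        alerts.append({"ip": ip, "pattern": pattern,
                       "decoy_attempts": len(hits),
                       "accounts_tried": len(tried[ip])})
    return alerts

if __name__ == "__main__":
    for alert in triage(SAMPLE):
        print(alert)
```

Because no legitimate user owns a decoy account, every returned alert warrants review; the pattern label only helps prioritise.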

Other:

ATT&CK/Engage Mapping: T1078 Valid Accounts, E1503 Decoy Account