Engage Goals: EGO0002 Affect
Engage Approach: EAP0005 Disrupt
Engage Actions: EAC0016 Network Manipulation
Name of Element: Deceptive HTTP Response with Delayed Content
Description of Element:
Craft a web server that responds to HTTP requests with a delayed response body. This can be used to frustrate attackers, slow down automated tools, or identify attackers who are actively monitoring network traffic.
Technical Context:
Placement: Hosted on a web server accessible from the internet or within the organization’s DMZ.
Configure a web server (e.g., Apache with mod_delay, Nginx with ngx_http_limit_req_module) to introduce delays in the response. Use server-side scripting languages (e.g., PHP, Python) or Lua modules to dynamically adjust the delay based on request characteristics or attacker behavior.
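One way to implement the request-dependent delay described above, as an added example that is not part of the original element: a Python standard-library server that sends headers immediately and then drips the body in small chunks. The decoy paths, scanner User-Agent markers, delay values and the names `choose_delay` and `drip` are assumptions chosen for illustration.

```python
import time
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Assumed policy values (constructed for this example; tune per deployment).
DECOY_PATHS = ("/admin", "/backup", "/.git")    # paths no legitimate user requests
TOOL_MARKERS = ("sqlmap", "nikto", "gobuster")  # substrings of scanner User-Agents
BASE_DELAY, MAX_DELAY = 0.5, 10.0               # seconds between body chunks
BODY = b"<html><body>Loading records, please wait...</body></html>"
hits = {}  # client IP -> number of requests seen so far


def choose_delay(path, user_agent, prior_hits):
    """Return seconds to wait between chunks; 0.0 for unremarkable requests."""
    delay = 0.0
    if path.startswith(DECOY_PATHS):
        delay += BASE_DELAY
    if any(m in user_agent.lower() for m in TOOL_MARKERS):
        delay += BASE_DELAY
    if delay:
        delay *= 2 ** min(prior_hits, 4)  # repeat visitors wait exponentially longer
    return min(delay, MAX_DELAY)


def drip(body, delay, size=8, sleep=time.sleep):
    """Yield the body in small chunks, sleeping before each one."""
    for i in range(0, len(body), size):
        if delay:
            sleep(delay)
        yield body[i:i + size]


class DelayHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        ip, agent = self.client_address[0], self.headers.get("User-Agent", "")
        prior = hits.get(ip, 0)
        hits[ip] = prior + 1
        delay = choose_delay(self.path, agent, prior)
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(BODY)))
        self.end_headers()
        self.log_message("delay=%.1fs path=%s ua=%s", delay, self.path, agent or "-")
        try:
            for chunk in drip(BODY, delay):
                self.wfile.write(chunk)
                self.wfile.flush()
        except (BrokenPipeError, ConnectionResetError):
            pass  # client gave up waiting; the disconnect is itself a signal to log


if __name__ == "__main__":
    ThreadingHTTPServer(("127.0.0.1", 8080), DelayHandler).serve_forever()
```

Each delayed connection holds a server thread for the whole drip, so run this on an isolated decoy host rather than alongside production services, and keep `MAX_DELAY` bounded.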
Other:
ATT&CK/Engage Mapping: T1102 Web Service, E1505 Decoy Network