Engage Goals: EGO0001 Expose
Engage Approach: EAP0002 Detect
Engage Actions: EAC0015 Information Manipulation, EAC0018 Security Controls
Name of Element: Deceptive Web Application with Fake Login Form
Description of Element:
Create a decoy web application that mimics a legitimate login page, captures the credentials an attacker submits, and redirects the attacker to a controlled environment. This can be used to identify attackers, learn which accounts or systems they are targeting, and keep them away from real systems.
Technical Context:
Placement: Hosted on a web server accessible from the internet or within the organization’s DMZ.
Develop the web application using a framework such as Flask or Django. Implement a login form that captures the submitted credentials and stores them in a secure location (e.g., an encrypted database or a protected log file). Use JavaScript for client-side input validation so the form behaves like a real login page. After capture, redirect the attacker to a honeypot or to a page with a deceptive message using a server-side redirect.
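The decoy described above, as an added example that is not part of the original element or of any framework's own code: a stand-alone WSGI application written against Python's standard library (wsgiref) rather than Flask or Django, so it runs without dependencies. The names FINGERPRINT_KEY, REDIRECT_TARGET, ATTEMPT_LOG and the helper functions are assumptions, and the honeypot URL is a placeholder. Rather than writing submitted passwords to the log in plaintext, it records a keyed HMAC fingerprint and the length, which is enough to recognise password reuse across attempts while limiting what a leaked log would reveal; a deployment would replace the in-memory list with the encrypted store the element calls for.

```python
"""Decoy login page as a WSGI application (standard library only)."""
import hashlib
import hmac
import io
import time
from urllib.parse import parse_qs
from wsgiref.simple_server import make_server

# Assumed configuration (placeholders): a server-side secret used to
# fingerprint submitted passwords, and the controlled environment that
# every "successful" login is sent to.
FINGERPRINT_KEY = b"replace-with-a-random-secret"
REDIRECT_TARGET = "https://honeypot.example.invalid/portal"
ATTEMPT_LOG = []  # in-memory stand-in for the encrypted store / log file

LOGIN_PAGE = """<!doctype html>
<html><head><title>Sign in</title></head><body>
<form id="login" method="post" action="/login">
  <input name="username" placeholder="Username">
  <input name="password" type="password" placeholder="Password">
  <button type="submit">Sign in</button>
</form>
<script>
// Client-side validation makes the page feel real; the server never relies on it.
document.getElementById('login').addEventListener('submit', function (e) {
  var f = e.target;
  if (!f.username.value || !f.password.value) {
    e.preventDefault(); alert('Please enter your username and password.');
  }
});
</script>
</body></html>"""


def fingerprint_password(password):
    """Keyed hash so analysts can spot password reuse without storing plaintext."""
    return hmac.new(FINGERPRINT_KEY, password.encode("utf-8"), hashlib.sha256).hexdigest()


def record_attempt(username, password, remote_addr, user_agent, now=None):
    """Build the log record for one submission, append it to the store, return it."""
    entry = {
        "ts": now if now is not None else time.time(),
        "username": username,
        "password_fp": fingerprint_password(password),
        "password_len": len(password),
        "src": remote_addr,
        "ua": user_agent,
    }
    ATTEMPT_LOG.append(entry)
    return entry


def app(environ, start_response):
    """WSGI entry point: serve the decoy form, log POSTs, redirect the client."""
    method = environ.get("REQUEST_METHOD", "GET")
    path = environ.get("PATH_INFO", "/")
    if method == "POST" and path == "/login":
        try:
            length = int(environ.get("CONTENT_LENGTH") or 0)
        except ValueError:
            length = 0
        body = environ["wsgi.input"].read(length).decode("utf-8", "replace")
        form = parse_qs(body, keep_blank_values=True)
        record_attempt(
            form.get("username", [""])[0],
            form.get("password", [""])[0],
            environ.get("REMOTE_ADDR", "?"),
            environ.get("HTTP_USER_AGENT", "?"),
        )
        # Every submission "succeeds" and lands in the controlled environment.
        start_response("302 Found", [("Location", REDIRECT_TARGET)])
        return [b""]
    if method == "GET" and path == "/":
        start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
        return [LOGIN_PAGE.encode("utf-8")]
    start_response("404 Not Found", [("Content-Type", "text/plain")])
    return [b"not found"]


def make_environ(method, path, body=b"", remote_addr="198.51.100.10",
                 user_agent="constructed-agent"):
    """Minimal WSGI environ for exercising app() without a socket (constructed)."""
    return {
        "REQUEST_METHOD": method, "PATH_INFO": path,
        "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body),
        "REMOTE_ADDR": remote_addr, "HTTP_USER_AGENT": user_agent,
    }


def handle(environ):
    """Run one request through app() and return (status, headers, body)."""
    captured = {}

    def start_response(status, headers):
        captured["status"], captured["headers"] = status, dict(headers)

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    # Bind locally; put a reverse proxy with TLS in front of it for the DMZ.
    with make_server("127.0.0.1", 8080, app) as httpd:
        httpd.serve_forever()
```

Run it and submit the form once; ATTEMPT_LOG then holds the username, source address, user agent and password fingerprint, and the browser is sent to REDIRECT_TARGET. Because the fingerprint is keyed, two attempts using the same password yield the same `password_fp`, which is the pivot an analyst wants when the same stolen credential shows up from several sources.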
Other:
ATT&CK/Engage Mapping: T1566 Phishing, E1506 Decoy System