Fake API Gateway

Engage Goals: EGO0003 Elicit

Engage Approach: EAP0001 Collect

Engage Actions: EAC0015 Information Manipulation, EAC0016 Network Manipulation

Name of Element: Fake API Gateway

Description of Element:

Deploy a decoy API gateway that mimics a legitimate one but intercepts requests and returns fabricated or manipulated responses. This can be used to mislead attackers, disrupt their tools, or gather information about their intentions.

Technical Context:

Placement: Deployed in a DMZ or a dedicated network segment, accessible to potential attackers.

Use HAProxy or Kong Gateway to build the decoy API gateway. Configure routing rules keyed on HTTP headers, request paths, or other criteria so that attacker traffic is selectively redirected to the decoy gateway. Implement custom plugins or scripts within the gateway to manipulate responses, introduce delays, or log attacker activity.
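A minimal HAProxy configuration for the routing described above, as an added example rather than configuration from the original entry. The listener port, decoy paths, planted header value, response body and backend address are all constructed placeholders.

```haproxy
# Added example: selective redirection to a decoy backend in HAProxy (2.2+).
# Every address, path and header value below is a constructed placeholder.
global
    log stdout format raw local0

defaults
    mode http
    log global
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend api_edge
    bind :8080
    # Capture only the User-Agent so legitimate API keys never reach the logs.
    http-request capture req.hdr(User-Agent) len 128
    # %b records which backend served the request, so decoy hits are
    # identifiable in the log stream by backend name.
    log-format "%ci:%cp [%tr] %ft %b %ST %{+Q}r hdrs=%hr"

    # Routing criteria: paths no legitimate client calls, or a planted key
    # that exists only where an intruder would find it.
    acl decoy_path path_beg /api/v0/ /api/internal/
    acl decoy_key  req.hdr(X-Api-Key) -m str DECOY-KEY-PLACEHOLDER
    use_backend decoy_gateway if decoy_path or decoy_key
    default_backend real_gateway

backend real_gateway
    # Production gateway (placeholder address from the documentation range).
    server real1 192.0.2.10:8000 check

backend decoy_gateway
    # Introduce delay: hold each request for 3 seconds before answering.
    tcp-request inspect-delay 3s
    tcp-request content accept if WAIT_END
    # Fabricated response served by HAProxy itself; no upstream is contacted,
    # so nothing sent to the decoy can reach a production service.
    http-request return status 200 content-type application/json string '{"status":"ok","items":[]}'
```

Alerting on any log line whose backend field is `decoy_gateway` gives a low-noise signal, since legitimate clients have no reason to match either rule.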

 

Other:

ATT&CK/Engage Mapping: T1102 Web Service, E1506 Decoy System
