Engage Goals: EGO0001 Expose, EGO0003 Elicit
Engage Approach: EAP0001 Collect, EAP0002 Detect
Engage Actions: EAC0015 Information Manipulation, EAC0018 Security Controls
Name of Element: Rogue Domain Controller
Description of Element:
This element involves setting up a fake domain controller that mimics a legitimate one but contains deceptive information or responds in unexpected ways.
Technical Context:
Placement: Within the organization’s internal network, alongside other critical servers.
This element can be used to identify attackers attempting to enumerate or modify Active Directory objects or to gather information about attacker tools and techniques.
Other:
ATT&CK/Engage Mapping: T1069.002 Permission Groups Discovery: Domain Groups / E1506 Decoy System
This element requires careful planning and execution to ensure that it does not interfere with the normal operation of the Active Directory environment.
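
One way to triage what the decoy domain controller records, shown as an added example that is not part of the original element description: it separates enumeration from modification of directory objects and suppresses sources that are expected to touch the decoy. The event IDs are standard Windows Security log IDs; the host names, addresses, allowlist, directory names and normalised field names are constructed assumptions.

```python
from collections import defaultdict

LOGON = 4624                  # successful logon: carries source IP and logon ID
ENUMERATE_IDS = {4662}        # operation performed on a directory object
MODIFY_IDS = {5136, 5137}     # directory object modified / created
ALLOWED_SOURCES = {"10.0.5.10"}   # assumption: monitoring collector allowed to touch the decoy

# Constructed, normalised events (field names are illustrative, not a real schema).
SAMPLE_EVENTS = [
    {"host": "DECOY-DC01", "id": 4624, "logon_id": "0x1a2b", "src": "10.0.8.44"},
    {"host": "DECOY-DC01", "id": 4662, "logon_id": "0x1a2b",
     "object": "CN=Domain Admins,CN=Users,DC=corp,DC=example"},
    {"host": "DECOY-DC01", "id": 4662, "logon_id": "0x1a2b",
     "object": "CN=Backup Operators,CN=Builtin,DC=corp,DC=example"},
    {"host": "DECOY-DC01", "id": 4624, "logon_id": "0x3c4d", "src": "10.0.9.17"},
    {"host": "DECOY-DC01", "id": 5136, "logon_id": "0x3c4d",
     "object": "CN=Domain Admins,CN=Users,DC=corp,DC=example"},
    {"host": "DECOY-DC01", "id": 4624, "logon_id": "0x5e6f", "src": "10.0.5.10"},
    {"host": "DECOY-DC01", "id": 4662, "logon_id": "0x5e6f",
     "object": "CN=Users,DC=corp,DC=example"},
    {"host": "DC01", "id": 4662, "logon_id": "0x7777",
     "object": "CN=Domain Admins,CN=Users,DC=corp,DC=example"},
]

def triage(events, decoy_hosts=frozenset({"DECOY-DC01"}), allowed=ALLOWED_SOURCES):
    """Attribute decoy-DC object access to a source IP and grade it."""
    decoy = [e for e in events if e["host"] in decoy_hosts]
    # Object-access events carry no address; join to the logon event by logon ID.
    src_of = {e["logon_id"]: e["src"] for e in decoy if e["id"] == LOGON}
    seen = defaultdict(lambda: {"enumerated": set(), "modified": set()})
    for e in decoy:
        src = src_of.get(e["logon_id"], "unknown")
        if e["id"] == LOGON or src in allowed:
            continue
        if e["id"] in MODIFY_IDS:
            seen[src]["modified"].add(e["object"])
        elif e["id"] in ENUMERATE_IDS:
            seen[src]["enumerated"].add(e["object"])
    return [
        {"src": src, "severity": "high" if acts["modified"] else "medium",
         "enumerated": sorted(acts["enumerated"]), "modified": sorted(acts["modified"])}
        for src, acts in sorted(seen.items())
    ]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

Because no legitimate client should use the decoy, the allowlist stays short; every entry is a blind spot and is worth reviewing whenever the monitoring setup changes.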