Camouflaged System Files

Engage Goals: EGO0001 Expose, EGO0003 Elicit

Engage Approach: EAP0001 Collect, EAP0002 Detect

Engage Actions: EAC0015 Information Manipulation, EAC0018 Security Controls

Name of Element: Camouflaged System Files

Description of Element:

This element involves creating fake macOS system files that mimic legitimate files but contain deceptive information or trigger alerts upon access.

Technical Context:

Placement: Within the macOS file system, alongside other critical files.

This element can be used to identify attackers attempting to access or modify sensitive system files or to gather information about attacker tools and techniques.
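One way to implement the alerting side for modification and deletion of decoys, shown as an added example that is not part of the original page: record a baseline manifest when the decoys are deployed, then compare against it on a schedule. The decoy file names, the temporary directory and the function names are hypothetical; read-only access is not covered here and would need the host's file-access auditing.

```python
import hashlib, json, os, tempfile
from pathlib import Path

def fingerprint(path):
    """Return the attributes that change when a decoy is modified or replaced."""
    st = os.stat(path)
    digest = hashlib.sha256(Path(path).read_bytes()).hexdigest()
    return {"sha256": digest, "size": st.st_size, "inode": st.st_ino,
            "mode": oct(st.st_mode & 0o7777)}

def build_manifest(decoys):
    """Record a baseline for every decoy right after deployment."""
    return {str(p): fingerprint(p) for p in decoys}

def check_decoys(manifest):
    """Compare each decoy to its baseline and return a list of alert dicts."""
    alerts = []
    for path, base in manifest.items():
        if not os.path.exists(path):
            alerts.append({"path": path, "event": "deleted"})
            continue
        now = fingerprint(path)
        changed = sorted(k for k in base if base[k] != now[k])
        if changed:
            alerts.append({"path": path, "event": "modified", "fields": changed})
    return alerts

def demo():
    """Constructed scenario: two decoys in a temp dir, one edited, one removed."""
    root = Path(tempfile.mkdtemp(prefix="decoy-demo-"))
    plist = root / "com.example.backupagent.plist"   # hypothetical decoy name
    creds = root / "service_accounts.conf"           # hypothetical decoy name
    plist.write_text("<plist><dict><key>Label</key></dict></plist>\n")
    creds.write_text("svc_backup:not-a-real-password\n")  # constructed content
    manifest = build_manifest([plist, creds])
    clean = check_decoys(manifest)        # nothing touched yet
    with plist.open("a") as fh:           # simulate an in-place edit
        fh.write("<!-- edited -->\n")
    creds.unlink()                        # simulate removal
    return clean, check_decoys(manifest)

if __name__ == "__main__":
    clean, alerts = demo()
    print(json.dumps({"before": clean, "after": alerts}, indent=2))
```

Store the manifest outside the monitored host or directory so that whoever tampers with a decoy cannot also rewrite its baseline.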

Other:

ATT&CK/Engage Mapping: T1083 File and Directory Discovery / E1504 Decoy Content

This element requires careful planning and execution to ensure that it does not interfere with the normal operation of the macOS environment.
