Mimicked Kubernetes Pods

Engage Goals: EGO0001 Expose, EGO0003 Elicit

Engage Approach: EAP0001 Collect, EAP0002 Detect

Engage Actions: EAC0015 Information Manipulation, EAC0018 Security Controls

Name of Element: Mimicked Kubernetes Pods

Description of Element:

This element involves deploying deceptive Kubernetes pods that mimic legitimate pods but perform deceptive actions or contain deceptive information.

Technical Context:

Placement: Within the Kubernetes cluster, alongside other legitimate pods

This element can be used to identify attackers attempting to compromise or gain access to sensitive data within Kubernetes pods or to gather information about attacker tools and techniques

Other:

Att&ck/Engage Mapping: T1005 Data from Local System / E1506 Decoy System

This element requires careful planning and execution to ensure that it does not interfere with the normal operation of the Kubernetes environment.

Leave a Reply Cancel reply

ORION Detlab: Forging Resilient Detections in the HEFAISTOS Ecosystem

The Maieutic Engine: Birth of a New Detection Engineering Paradigm

The Forge, The Guide, and The Hunter: Unifying Detection Engineering with the Mythological Triad of HEFAISTOS, KEDALION, and ORION

Dendrite: Bridging the Synaptic Gap Between External Intelligence and Internal Defense