This element involves creating fake macOS system files that mimic legitimate files but contain deceptive information or trigger alerts upon access.
Category: ACD Elements
Mirrored Network Topology
This element involves creating a fake network segment that mirrors the organization’s real network topology but contains deceptive systems or services.
Spoofed DNS Records
This element involves creating fake DNS records that point to deceptive systems or services.
Rogue Domain Controller
This element involves setting up a fake domain controller that mimics a legitimate one but contains deceptive information or responds in unexpected ways.
Privileged User Account Decoy
This element is a decoy user account that appears to have elevated privileges within the system. The account is monitored for any login attempts or activity, which would indicate an attacker trying to gain unauthorized access.
Phantom Network Traffic Generator
This element generates fake network traffic that mimics legitimate communication patterns but leads to non-existent services or devices. This creates a confusing environment for attackers, making it difficult for them to distinguish real traffic from decoy traffic.
Encrypted File Server Honeytrap
This element is a decoy file server that appears to contain sensitive data but is in reality filled with fabricated information. The server is encrypted and requires specific credentials to access, which makes it seem even more enticing to attackers. Any attempt to access or interact with this server triggers an alert, signaling a potential breach.
Deceptive Exception Handling
Goal: To identify attackers attempting to exploit vulnerabilities or gain information through exception handling mechanisms.
Approach: Monitoring exception handling routines and providing deceptive responses. This element involves modifying exception handling routines to provide misleading information or redirect execution flow.
By manipulating exception handling, this element can disrupt attacker tools, gather information about their activities, or conceal sensitive data.
Fake System Call Table
Goal: To identify and mislead attackers attempting to hijack system calls for malicious purposes.
Approach: Monitoring system call activity and providing deceptive responses. This element involves manipulating the System Call Table to redirect specific calls to deceptive functions.
By redirecting system calls, this element can disrupt attacker tools, gather information about their activities, or lead them to controlled environments.
Deceptive API Call Responses
Goal: To identify and mislead attackers attempting to manipulate system behavior through API hooking.
Approach: Monitoring API calls and providing deceptive responses. This element involves intercepting specific API calls and returning misleading or unexpected data to attackers.
By manipulating API call responses, this element can confuse attackers, disrupt their tools, or lead them down false paths.