Fake macOS System Updates

Goal: To identify attackers attempting to exploit vulnerabilities in the macOS update process.

Approach: Monitoring interaction with the fake updates and analyzing attacker behavior. This element involves creating fake macOS system updates that mimic legitimate updates but contain misleading or deceptive information or lead to a controlled environment.

Attackers who attempt to install or interact with the fake updates will be identified and their actions will be logged. This information can be used to improve defenses and make it more difficult for attackers to compromise the system.

Deceptive macOS Launch Agents

Goal: To identify attackers attempting to establish persistence by creating or modifying launch agents.

Approach: Monitoring access to the deceptive launch agents and analyzing attacker behavior. This element involves creating deceptive launch agents that mimic legitimate ones but contain misleading or deceptive information or trigger alerts.

Attackers who attempt to interact with or modify the deceptive launch agents will be identified and their actions will be logged. This information can be used to improve defenses and make it more difficult for attackers to maintain persistence on the system.

Fake Linux System Logs

Goal: To identify attackers attempting to tamper with or destroy system logs.

Approach: Monitoring access to the fake system logs and analyzing attacker behavior. This element involves creating fake system logs that mimic legitimate logs but contain misleading or deceptive information.

Attackers who attempt to tamper with or destroy the fake system logs will be identified and their actions will be logged. This information can be used to improve defenses and make it more difficult for attackers to cover their tracks.

Deceptive Linux Shell Commands

Goal: To identify attackers attempting to execute unauthorized shell commands.

Approach: Monitoring command execution and analyzing attacker behavior. This element involves creating deceptive shell commands that mimic legitimate commands but return misleading or deceptive information or trigger alerts.

Attackers who attempt to execute the deceptive shell commands will be identified and their actions will be logged. This information can be used to improve defenses and make it more difficult for attackers to interact with the system.
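One concrete form of such a decoy command, as an added example that is not part of the original page: a POSIX shell wrapper installed ahead of a real discovery command in PATH, which records each invocation, raises a syslog alert and returns canned output instead of real data. The log path, the impersonated command name and the canned output are constructed assumptions for this example.

```shell
#!/bin/sh
# Added example: decoy wrapper for a command attackers commonly run during
# discovery. Installed under the impersonated name earlier in PATH than the
# real binary (e.g. /usr/local/bin/last), so the real command never runs.
# Assumptions (constructed for this example, not from the page):
#   DECOY_LOG  - file receiving one record per interaction
#   DECOY_NAME - the legitimate command name being mimicked
DECOY_LOG="${DECOY_LOG:-/tmp/decoy-shell.log}"
DECOY_NAME="${DECOY_NAME:-last}"

# Append one structured record: timestamp, who ran it, from where, and
# the exact arguments supplied (the arguments are the attacker's intent).
decoy_record() {
    ts=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    user=$(id -un 2>/dev/null || echo unknown)
    if tty -s 2>/dev/null; then tty_name=$(tty); else tty_name=notty; fi
    printf 'ts=%s decoy=%s user=%s uid=%s ppid=%s tty=%s args="%s"\n' \
        "$ts" "$DECOY_NAME" "$user" "$(id -u)" "$PPID" "$tty_name" "$*" \
        >> "$DECOY_LOG"
}

# Plausible but misleading output (constructed): a fake login history
# that leaks nothing about the real host.
decoy_output() {
    printf 'admin    pts/0        10.0.0.5    Mon Jan  1 09:00   still logged in\n'
    printf '\nwtmp begins Mon Jan  1 00:00:00 2024\n'
}

# Number of recorded interactions with this decoy (0 if none yet).
decoy_count() {
    [ -f "$DECOY_LOG" ] || { echo 0; return 0; }
    grep -c "decoy=$DECOY_NAME " "$DECOY_LOG" || true
}

# Entry point: log, alert via syslog if available, then answer with decoy data.
decoy_main() {
    decoy_record "$@"
    logger -t decoy-shell "decoy '$DECOY_NAME' invoked by uid $(id -u) args: $*" \
        2>/dev/null || true
    decoy_output
}

decoy_main "$@"
```

Any hit on the decoy log is high-signal: legitimate users have no reason to run the impersonated command from that path, so each record can be forwarded to the SIEM as-is.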

Deceptive Linux Configuration Files

Goal: To identify attackers attempting to enumerate or modify sensitive configuration files.

Approach: Monitoring access to the deceptive configuration files and analyzing attacker behavior. This element involves creating deceptive configuration files that mimic legitimate files but contain misleading or deceptive information.

Attackers who attempt to access or modify the deceptive configuration files will be identified and their actions will be logged. This information can be used to improve defenses and make it more difficult for attackers to gather information about the system or modify its configuration.

Fake Windows System Files

Goal: To identify attackers attempting to access or modify sensitive system files.

Approach: Monitoring access to the fake system files and analyzing attacker behavior. This element involves creating fake system files that mimic legitimate files but contain misleading or deceptive information.

Attackers who attempt to access or modify the fake system files will be identified and their actions will be logged. This information can be used to improve defenses and make it more difficult for attackers to gather information about the system or modify its configuration.

Deceptive Windows API Calls

Goal: To identify attackers attempting to make unauthorized API calls.

Approach: Monitoring API calls and analyzing attacker behavior. This element involves creating deceptive API calls that mimic legitimate calls but return misleading or deceptive information.

Attackers who attempt to make the deceptive API calls will be identified and their actions will be logged. This information can be used to improve defenses and make it more difficult for attackers to interact with the system.

Deceptive Windows Registry Keys

Goal: To identify attackers attempting to enumerate or modify sensitive registry keys.

Approach: Monitoring access to the deceptive registry keys and analyzing attacker behavior. This element involves creating deceptive registry keys that mimic legitimate keys but contain misleading or deceptive information.

Attackers who attempt to access or modify the deceptive registry keys will be identified and their actions will be logged. This information can be used to improve defenses and make it more difficult for attackers to gather information about the system or modify its configuration.

Deceptive Phishing Email with Delayed Delivery

Goal: To identify attackers who open or interact with a deceptive phishing email whose delivery is intentionally delayed.

Approach: This element involves sending a deceptive phishing email to employees that appears to be legitimate but is intentionally delayed in delivery.

Attackers who open or interact with the delayed email will be identified and their actions will be logged. This information can be used to improve defenses and make it more difficult for attackers to phish employees.

Deceptive SAML IdP

Goal: To gather information about attackers attempting to exploit SAML vulnerabilities and detect their presence.

Approach: Monitoring access to the deceptive SAML IdP and analyzing attacker behavior.

Attackers who attempt to use the fake SAML IdP for authentication or authorization will be misled, and their actions will be logged.