Fake OAuth 2.0 Server

Goal: To gather information about attackers attempting to exploit OAuth 2.0 vulnerabilities and detect their presence.

Approach: Monitoring access to the fake OAuth 2.0 server and analyzing attacker behavior.

Attackers who attempt to use the fake OAuth 2.0 server for authentication or authorization will be misled, and their actions will be logged.

Deceptive Kerberos Server

Goal: To gather information about attackers attempting to exploit Kerberos vulnerabilities and detect their presence.

Approach: Monitoring access to the deceptive Kerberos server and analyzing attacker behavior.

Attackers who attempt to use the fake Kerberos server for authentication or ticket manipulation will be misled, and their actions will be logged.

Deceptive Biometric Authentication

Goal: Detect attackers attempting to bypass or spoof biometric authentication mechanisms.

Approach: Creating deceptive biometric authentication prompts that capture attacker attempts or redirect them to decoy systems.

Deploy fake biometric authentication prompts that appear to process biometric data but instead capture attacker attempts, log their activities, or redirect them to controlled environments.

Deceptive Password Reset Mechanisms

Goal: Thwart attackers’ attempts to reset passwords or gain unauthorized access through password recovery mechanisms.

Approach: Introducing deceptive password reset flows that delay attackers or lead them to decoy systems.

Implement fake password reset pages or email flows that appear to process password reset requests but instead capture attacker information, delay their progress, or redirect them to controlled environments.

Deceptive Identity-as-a-Service (IDaaS)

Goal: Identify attackers attempting to leverage compromised accounts for lateral movement or unauthorized access to cloud resources.

Approach: Deploying fake IDaaS endpoints that mimic legitimate services but capture attacker interactions.

Create decoy IDaaS endpoints that appear to provide access to cloud resources or sensitive data. These endpoints can be designed to capture attacker requests, log their activities, or redirect them to controlled environments.

Deceptive Identity APIs

Goal: Gather information about attackers’ activities and tools by deploying deceptive identity APIs.

Approach: Creating fake identity APIs that mimic legitimate services but capture attacker interactions.

Deploy fake APIs that mimic identity management services, such as user provisioning, authentication, or authorization. These APIs can be designed to capture attacker requests, log their activities, or return misleading information.

Deceptive Access Tokens

Goal: Disrupt attackers’ attempts to leverage stolen or forged access tokens for unauthorized access.

Approach: Introducing deceptive access tokens that lead to decoy resources or trigger alerts.

Inject fake access tokens into processes or memory that appear to grant access to sensitive data or critical systems. These tokens can be designed to mislead attackers, cause their tools to malfunction, or trigger alerts upon usage.

Deceptive Kerberos Authentication

Goal: Detect attackers attempting to exploit Kerberos for privilege escalation or lateral movement.

Approach: Creating deceptive Kerberos services or accounts to lure attackers and monitor their activities.

Deploy fake Kerberos services or configure deceptive service principal names (SPNs) that appear to grant access to sensitive resources or systems. Monitor these for unauthorized access attempts or suspicious Kerberos ticket requests.

Deceptive Identity Federation

Goal: Redirect attackers attempting to leverage identity federation protocols to a controlled environment.

Approach: Manipulating identity federation responses to misdirect authentication flows.

Modify identity federation responses, such as SAML assertions or OAuth tokens, to redirect attackers to a fake identity provider (IdP) or a honeypot environment.

Deceptive Service Accounts

Goal: Detect and track the usage of service accounts by unauthorized users or malicious processes.

Approach: Creating and monitoring decoy service accounts to identify suspicious activities.

Deploy decoy service accounts with names or privileges that mimic legitimate accounts. Monitor these accounts for any login attempts, resource access, or modifications to reveal attacker activity.
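The monitoring described under Deceptive Kerberos Authentication and Deceptive Service Accounts can be implemented as a filter over Windows Security events, shown here as an added example that is not part of the original page. The decoy account names, the JSON-lines export format and the sample events are assumptions constructed for illustration; the event IDs and field names are the standard Windows ones.

```python
import json

# Hypothetical decoy service accounts; svc-vaultsync also carries a decoy SPN.
DECOYS = {"svc-sqlbackup", "svc-vaultsync"}
# Windows Security event ID -> (action, field naming the account touched).
WATCHED = {
    4768: ("TGT request", "TargetUserName"),
    4769: ("service ticket request", "ServiceName"),
    4624: ("logon", "TargetUserName"),
    4625: ("failed logon", "TargetUserName"),
    4738: ("account modified", "TargetUserName"),
}

def normalize(name):
    """Lowercase and drop the domain or realm part of an account name."""
    return str(name or "").lower().split("\\")[-1].split("@")[0]

def detect(lines):
    """Return one alert per event that touches a decoy account."""
    alerts = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated lines rather than abort the run
        if not isinstance(ev, dict) or ev.get("EventID") not in WATCHED:
            continue
        action, field = WATCHED[ev["EventID"]]
        account = normalize(ev.get(field))
        if account not in DECOYS:
            continue
        # In 4769 TargetUserName is the requester; etype 0x17 is RC4-HMAC.
        is_tgs = ev["EventID"] == 4769
        alerts.append({
            "account": account,
            "action": action,
            "source": ev.get("IpAddress", "unknown"),
            "requester": normalize(ev.get("TargetUserName")) if is_tgs else None,
            "rc4": is_tgs and ev.get("TicketEncryptionType") == "0x17",
        })
    return alerts

# Constructed sample events (JSON lines); the last one is truncated on purpose.
SAMPLE = [
    r'{"EventID": 4769, "TargetUserName": "jdoe@CORP.EXAMPLE", "ServiceName": "svc-vaultsync", "IpAddress": "::ffff:10.20.30.41", "TicketEncryptionType": "0x17"}',
    r'{"EventID": 4769, "TargetUserName": "jdoe@CORP.EXAMPLE", "ServiceName": "krbtgt", "IpAddress": "::ffff:10.20.30.41", "TicketEncryptionType": "0x12"}',
    r'{"EventID": 4625, "TargetUserName": "CORP\\svc-sqlbackup", "IpAddress": "10.20.30.77"}',
    r'{"EventID": 4738, "TargetUserName": "svc-sqlbackup", "SubjectUserName": "helpdesk7"',
]
```

Because no legitimate workload uses a decoy account, every alert returned by `detect(SAMPLE)` is worth investigating; the `rc4` flag only adds context for ticket requests against the decoy SPN.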