Craft a web server that responds to HTTP requests with a delayed response body. This can be used to frustrate attackers, slow down automated tools, or identify attackers who are actively monitoring network traffic.
Category: Offensive
Fake API Gateway
Deploy a decoy API gateway that mimics a legitimate one but intercepts requests and returns fabricated or manipulated responses. This can be used to mislead attackers, disrupt their tools, or gather information about their intentions.
Fake SMB Share
This element involves setting up a fake SMB server that mimics a legitimate one but triggers alerts upon access or delivers deceptive payloads.
Deceptive NTP Server
This element involves setting up a fake NTP server that responds to requests with incorrect time values, potentially disrupting attacker scripts or malware that rely on accurate time.
Fake Social Media Posts
This element involves creating fake social media posts or activity that appear to originate from the user but are actually designed to mislead or deceive attackers.
Fake Search Queries
This element involves manipulating the user’s search engine query history to include fake or misleading search terms.
Fake Clipboard Content
This element involves manipulating the user’s clipboard to contain fake or misleading information.
Deceptive LDAP Responses
Goal: To identify attackers attempting to gather information about Active Directory objects or to exploit vulnerabilities in the LDAP protocol.
Approach: Monitoring LDAP queries and analyzing attacker behavior. This element involves configuring a deceptive LDAP server that responds to specific queries with misleading or deceptive information.
Attackers who attempt to interact with the deceptive LDAP server will be identified and their actions will be logged. This information can be used to improve defenses and make it more difficult for attackers to compromise the Active Directory environment.
Fake Active Directory Domain Controller
Goal: To identify attackers attempting to enumerate or modify Active Directory objects.
Approach: Monitoring access to the fake domain controller and analyzing attacker behavior. This element involves setting up a fake domain controller that mimics a legitimate one but contains deceptive information, such as fake user accounts or group memberships.
Attackers who attempt to interact with the fake domain controller will be identified and their actions will be logged. This information can be used to improve defenses and make it more difficult for attackers to compromise the Active Directory environment.
Fake DNS Server
Goal: To identify attackers attempting to resolve internal domain names or perform DNS tunneling.
Approach: Monitoring queries to the fake DNS server and analyzing attacker behavior. This element involves setting up a fake DNS server that responds to specific queries with deceptive answers or redirects them to a controlled environment.