Goal: Gather information about attacker activity by creating fake Active Directory objects.
Approach: Monitoring access to deceptive Active Directory objects.
This element creates fake user accounts, computers, or groups within Active Directory. Any attempts to access or interact with these objects are logged, providing valuable intelligence about attacker reconnaissance and lateral movement.