EAC0012 – Page 2 – D E C E I V E R . I O

C2 Honeyclients

Goal: Identify compromised systems by deploying decoy clients that mimic C2 communication patterns.

Approach: Monitoring network traffic for connections to C2 honeyclients.

Deploy decoy clients (“honeyclients”) that mimic the behavior of infected systems communicating with C2 servers. Monitor any attempts to connect to or control these honeyclients to identify compromised systems and attacker infrastructure.

Honeytoken Accounts with Deceptive Profiles

Goal: Expose attackers attempting to utilize compromised accounts and gather information about their activities.

Approach: Monitoring access to and usage of honeytoken accounts.

Create realistic but fake user accounts (“honeytokens”) with attractive data or access privileges. These accounts have deceptive profiles, leading attackers towards fabricated resources or triggering alerts upon access.

Deception-as-a-Service (DaaS) Platform

Goal: To offer a comprehensive platform for deploying and managing deception campaigns.

Approach: Planning and designing deception strategies based on organizational needs.

This element provides a centralized platform for deploying and managing deception campaigns. It includes tools for creating and customizing deception assets, deploying them across the network, and monitoring their interactions with adversaries.

Tag: EAC0012

C2 Honeyclients

Honeytoken Accounts with Deceptive Profiles

Deception-as-a-Service (DaaS) Platform

ORION Detlab: Forging Resilient Detections in the HEFAISTOS Ecosystem

The Maieutic Engine: Birth of a New Detection Engineering Paradigm

The Forge, The Guide, and The Hunter: Unifying Detection Engineering with the Mythological Triad of HEFAISTOS, KEDALION, and ORION

Dendrite: Bridging the Synaptic Gap Between External Intelligence and Internal Defense