This element involves creating fake office documents (e.g., spreadsheets, presentations, text documents) that appear to contain sensitive or confidential information but are actually filled with fabricated data or trigger alerts upon access.
Tag: EAC0015
Fabricated Browser History
This element involves creating fake entries in the user’s browser history, pointing to websites or resources that do not exist or are irrelevant to the user’s actual activity.
Mimicked Kubernetes Pods
This element involves deploying deceptive Kubernetes pods that mimic legitimate pods but perform deceptive actions or contain deceptive information.
Camouflaged System Files
This element involves creating fake macOS system files that mimic legitimate files but contain deceptive information or trigger alerts upon access.
Mirrored Network Topology
This element involves creating a fake network segment that mirrors the organization’s real network topology but contains deceptive systems or services.
Spoofed DNS Records
This element involves creating fake DNS records that point to deceptive systems or services.
Rogue Domain Controller
This element involves setting up a fake domain controller that mimics a legitimate one but contains deceptive information or responds in unexpected ways.
Privileged User Account Decoy
This element is a decoy user account that appears to have elevated privileges within the system. The account is monitored for any login attempts or activity, which would indicate an attacker trying to gain unauthorized access.
Phantom Network Traffic Generator
This element generates fake network traffic that mimics legitimate communication patterns but leads to non-existent services or devices. The result is a confusing environment in which attackers have difficulty distinguishing real traffic from fake.
Encrypted File Server Honeytrap
This element is a decoy file server that appears to contain sensitive data but is in reality filled with fabricated information. The server is encrypted and requires specific credentials to access, making it seem even more enticing to attackers. Any attempt to access or interact with this server triggers an alert, signaling a potential breach.