Create a decoy WAF that mimics a legitimate one (same block pages, headers and rule identifiers as the real product, or the decoy is trivially fingerprinted) but triggers alerts or performs deceptive actions in response to specific attack patterns. This can be used to identify attackers, disrupt their activities, or gather information about their techniques.
Tag: EAC0016
Fake Firewall with Permissive Ruleset
Deploy a decoy firewall with an intentionally permissive ruleset that allows most traffic to pass through. This can be used to lure attackers into a false sense of security, allowing you to observe their activities and gather intelligence on their tools and techniques. The traffic it admits must terminate on isolated decoy hosts, never on production systems; the permissive ruleset is the bait, not a change to the real perimeter.
Dynamically Changing Network Configuration
Implement a system that dynamically alters network configurations, such as IP addresses, DNS server settings, or routing tables, in response to detected attacker activity. This can be used to confuse attackers, disrupt their reconnaissance efforts, or redirect them to decoy systems.
Fake Network Service with Unexpected Protocol Behavior
Deploy a network service that mimics a legitimate one but responds to requests with unexpected or non-compliant protocol behavior. This can be used to confuse attackers, trigger vulnerabilities in their tools, or gather information about their scanning techniques.
Deceptive HTTP Response with Delayed Content
Craft a web server that responds to HTTP requests with a plausible status line and headers but releases the response body slowly. This can be used to frustrate attackers, tie up automated tools on stalled connections, and tell interactive attackers, who wait for the content, from scanners that give up at their timeout.
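One way to implement the slow-drip response described above, as an added example that is not code from the original page: the server advertises a normal 200 response, then emits the body as HTTP/1.1 chunked frames with a pause between each, and logs how long every client stays on the line. Chunk size, delay, port and the decoy page are assumed values.

```python
"""Slow-drip HTTP responder (tarpit).

Added example, not code from the original page.  The decoy body, the
chunk size, the delay and the listening port are assumptions; tune the
delay to exceed the client timeouts you want scanners to hit."""
import http.server
import time

# Constructed decoy body: looks like an ordinary intranet landing page.
DECOY_BODY = (b"<html><head><title>Intranet Portal</title></head><body>"
              b"<h1>Welcome</h1><p>Loading dashboard...</p></body></html>")


def chunk_frames(body: bytes, chunk_size: int) -> list:
    """Split body into HTTP/1.1 chunked-transfer frames (RFC 9112 s.7.1).

    Each frame is '<hex length>\\r\\n<data>\\r\\n'; the stream ends with
    '0\\r\\n\\r\\n'.  Returned as a list so the caller can pace them."""
    if chunk_size < 1:
        raise ValueError("chunk_size must be >= 1")
    frames = []
    for i in range(0, len(body), chunk_size):
        piece = body[i:i + chunk_size]
        frames.append(b"%x\r\n%s\r\n" % (len(piece), piece))
    frames.append(b"0\r\n\r\n")
    return frames


def decode_chunked(stream: bytes) -> bytes:
    """Reassemble a chunked stream; used to check the framing is valid."""
    out = b""
    pos = 0
    while True:
        end = stream.index(b"\r\n", pos)
        size = int(stream[pos:end], 16)
        pos = end + 2
        if size == 0:
            return out
        out += stream[pos:pos + size]
        pos += size + 2  # skip the data and its trailing CRLF


class TarpitHandler(http.server.BaseHTTPRequestHandler):
    protocol_version = "HTTP/1.1"   # chunked encoding needs HTTP/1.1
    chunk_size = 4                  # assumed: bytes released per frame
    delay = 2.0                     # assumed: seconds between frames

    def do_GET(self):
        # Log first: the useful signal is who connects and who waits.
        self.log_message("tarpit hit from %s for %s",
                         self.client_address[0], self.path)
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Transfer-Encoding", "chunked")
        self.end_headers()
        start = time.monotonic()
        try:
            for frame in chunk_frames(DECOY_BODY, self.chunk_size):
                self.wfile.write(frame)
                self.wfile.flush()
                time.sleep(self.delay)
        except (BrokenPipeError, ConnectionResetError):
            pass  # an impatient scanner dropped the connection
        self.log_message("client %s held the connection for %.1fs",
                         self.client_address[0], time.monotonic() - start)


if __name__ == "__main__":
    # Threaded so one stalled client does not block the next.
    with http.server.ThreadingHTTPServer(("0.0.0.0", 8080), TarpitHandler) as srv:
        srv.serve_forever()
```

The two log lines per connection are the point of the exercise: a crawler that disconnects after a few seconds and a human who holds the socket for the full body produce very different durations for the same request.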
Fake API Gateway
Deploy a decoy API gateway that mimics a legitimate one but intercepts requests and returns fabricated or manipulated responses. This can be used to mislead attackers, disrupt their tools, or gather information about their intentions.
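The decoy WAF at the top of this page and the fake API gateway above share one mechanism: inspect each request against attack signatures, record who sent it, and answer with a response that looks like the real product's. The following Python, added here as an example and not taken from the original page, does both over constructed sample requests. The signatures, the block page, the fabricated API responses and the request format are assumptions; a real decoy would copy the rule identifiers and error pages of the product it impersonates.

```python
"""Decoy WAF / decoy API gateway request inspector.

Added example, not from the original page.  Signatures, block page and the
fabricated API answers are assumed; only the technique is the point: answer
like the genuine product, but record every match with enough detail to
fingerprint the tool behind it."""
import json
import re
from urllib.parse import unquote_plus

# Constructed signatures.  Kept deliberately small; the decoy's job is to
# look like a WAF, not to be a complete one.
SIGNATURES = [
    ("sqli",      re.compile(r"(?i)(\bunion\b.+\bselect\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+|\bsleep\(\d+\))")),
    ("traversal", re.compile(r"(?i)(\.\./|%2e%2e%2f|/etc/passwd)")),
    ("xss",       re.compile(r"(?i)(<script\b|javascript:|onerror\s*=)")),
    ("cmd",       re.compile(r"(?i)(;|\|\||&&)\s*(cat|wget|curl|nc|bash|sh)\b")),
]

# Assumed placeholders for what the decoy hands back.
BLOCK_PAGE = ("<html><body><h1>403 Forbidden</h1>"
              "<p>Request blocked by security policy.</p></body></html>")
FAKE_API_RESPONSES = {                       # fabricated, attractive-looking data
    "/api/v1/users":  {"users": [{"id": 1042, "name": "svc-backup", "role": "admin"}]},
    "/api/v1/health": {"status": "ok"},
}


def classify(request):
    """Return the signature names matched anywhere in the request.

    request is a dict with keys src, method, path, query, headers, body.
    The query string is percent-decoded once so encoded payloads are seen;
    the raw value is still carried into the alert."""
    surfaces = [request["path"], unquote_plus(request.get("query", "")),
                request.get("body", "")]
    surfaces += [f"{k}: {v}" for k, v in request.get("headers", {}).items()]
    return [name for name, pat in SIGNATURES
            if any(pat.search(s) for s in surfaces)]


def handle(request, api_mode=False):
    """Produce (status, body, alert).  alert is None for clean traffic.

    api_mode=False behaves like a decoy WAF (block like the real one);
    api_mode=True behaves like a decoy API gateway (keep the attacker
    engaged with a plausible but fabricated answer)."""
    hits = classify(request)
    if hits:
        alert = {
            "src": request["src"],
            "signatures": hits,
            "method": request["method"],
            "path": request["path"],
            "query": request.get("query", ""),
            "user_agent": request.get("headers", {}).get("User-Agent", ""),
        }
        if api_mode:
            return 200, json.dumps({"data": [], "page": 1}), alert
        return 403, BLOCK_PAGE, alert
    if api_mode:
        body = FAKE_API_RESPONSES.get(request["path"])
        if body is None:
            return 404, json.dumps({"error": "not found"}), None
        return 200, json.dumps(body), None
    return 200, "<html><body>OK</body></html>", None


# Constructed sample traffic (not captured from any real system).
SAMPLE_REQUESTS = {
    "clean": {"src": "10.0.0.5", "method": "GET", "path": "/api/v1/health",
              "query": "", "headers": {"User-Agent": "Mozilla/5.0"}, "body": ""},
    "sqli": {"src": "203.0.113.9", "method": "GET", "path": "/api/v1/users",
             "query": "id=1%27%20OR%20%271%27%3D%271",
             "headers": {"User-Agent": "sqlmap/1.7"}, "body": ""},
    "traversal": {"src": "203.0.113.9", "method": "GET",
                  "path": "/static/../../etc/passwd", "query": "",
                  "headers": {"User-Agent": "curl/8.4.0"}, "body": ""},
}

if __name__ == "__main__":
    for label, req in SAMPLE_REQUESTS.items():
        status, _, alert = handle(req, api_mode=True)
        print(label, status, alert)
```

The alert record, not the block, is the product of a decoy: ship it to the SIEM with the source address and User-Agent so the same tool can be recognised when it reaches the real gateway.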
Azure Kubernetes Service (AKS) Honeypod
Deploy a decoy pod within an AKS cluster that mimics a legitimate application but contains fake data (for example a Secret holding credentials that are valid nowhere) or triggers alerts upon access. Monitor the Kubernetes API audit log for reads of the decoy's Secrets and ConfigMaps and for exec or port-forward into the pod, together with network flows to and from it, to identify attackers attempting to exploit vulnerabilities or reach sensitive information.
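The monitoring half of the honeypod can be a small filter over the cluster's API audit log. The following Python is an added example, not code from the original page: it scans audit.k8s.io/v1 events (one JSON object per line, the standard field names) and raises an alert whenever a principal other than the expected control-plane and node identities touches a decoy object. The namespace, object names, allow-list and sample log lines are constructed for illustration.

```python
"""Honeypod access detector over Kubernetes API audit events.

Added example, not from the original page.  Decoy names, the allow-list of
principals and the sample audit lines are constructed; the event field
names (stage, verb, user, objectRef, sourceIPs, ...) are the standard
audit.k8s.io/v1 ones."""
import json

# Objects belonging to the decoy workload (assumed names).  Nothing
# legitimate should read them after deployment, so any access is a signal.
DECOY_NAMESPACE = "payments"
DECOY_OBJECTS = {
    ("secrets", "payments-db-credentials"),
    ("pods", "payments-api-7d9f8b6c4-x2k9q"),
}
# Principals that touch the pod and its secret as part of normal operation.
# The kubelet of the hosting node (system:node:<name>) reads mounted secrets;
# the controllers create and watch the pod.
EXPECTED_PRINCIPALS = {
    "system:kube-scheduler",
    "system:serviceaccount:kube-system:deployment-controller",
    "system:serviceaccount:kube-system:replicaset-controller",
}


def is_decoy_access(event):
    """True when an audit event reads or acts on a decoy object."""
    if event.get("stage") != "ResponseComplete":   # count each request once
        return False
    ref = event.get("objectRef") or {}
    if ref.get("namespace") != DECOY_NAMESPACE:
        return False
    if (ref.get("resource"), ref.get("name")) not in DECOY_OBJECTS:
        return False
    user = (event.get("user") or {}).get("username", "")
    return user not in EXPECTED_PRINCIPALS and not user.startswith("system:node:")


def alert_from(event):
    """Flatten the fields an analyst needs into one record."""
    ref = event["objectRef"]
    target = f"{ref.get('resource')}/{ref.get('name')}"
    if ref.get("subresource"):               # e.g. pods/<name>/exec
        target += f"/{ref['subresource']}"
    return {
        "time": event.get("requestReceivedTimestamp"),
        "user": event["user"].get("username"),
        "groups": event["user"].get("groups", []),
        "source_ips": event.get("sourceIPs", []),
        "user_agent": event.get("userAgent", ""),
        "verb": event.get("verb"),
        "target": target,
        "status": (event.get("responseStatus") or {}).get("code"),
    }


def scan(lines):
    """Return alerts for every decoy access found in an iterable of lines."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue   # not an audit record; skip rather than crash
        if is_decoy_access(event):
            alerts.append(alert_from(event))
    return alerts


# Constructed sample audit log: node kubelet mounting the secret (expected),
# the same request at both stages (counted once), a compromised default
# service account reading the decoy secret, an exec into the decoy pod,
# and an unrelated secret read in another namespace.
SAMPLE_AUDIT_LOG = """
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"get","user":{"username":"system:node:aks-nodepool1-12345678-vmss000000","groups":["system:nodes"]},"sourceIPs":["10.240.0.4"],"userAgent":"kubelet/v1.28.3","objectRef":{"resource":"secrets","namespace":"payments","name":"payments-db-credentials"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2024-03-01T09:00:01.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"RequestReceived","verb":"get","user":{"username":"system:serviceaccount:default:default","groups":["system:serviceaccounts"]},"sourceIPs":["10.244.1.17"],"userAgent":"kubectl/v1.28.2 (linux/amd64)","objectRef":{"resource":"secrets","namespace":"payments","name":"payments-db-credentials"},"requestReceivedTimestamp":"2024-03-01T09:14:22.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"get","user":{"username":"system:serviceaccount:default:default","groups":["system:serviceaccounts"]},"sourceIPs":["10.244.1.17"],"userAgent":"kubectl/v1.28.2 (linux/amd64)","objectRef":{"resource":"secrets","namespace":"payments","name":"payments-db-credentials"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2024-03-01T09:14:22.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"create","user":{"username":"system:serviceaccount:default:default","groups":["system:serviceaccounts"]},"sourceIPs":["10.244.1.17"],"userAgent":"kubectl/v1.28.2 (linux/amd64)","objectRef":{"resource":"pods","namespace":"payments","name":"payments-api-7d9f8b6c4-x2k9q","subresource":"exec"},"responseStatus":{"code":101},"requestReceivedTimestamp":"2024-03-01T09:15:03.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"get","user":{"username":"system:serviceaccount:default:default","groups":["system:serviceaccounts"]},"sourceIPs":["10.244.1.17"],"userAgent":"kubectl/v1.28.2 (linux/amd64)","objectRef":{"resource":"secrets","namespace":"default","name":"app-config"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2024-03-01T09:16:40.000000Z"}
"""

if __name__ == "__main__":
    for a in scan(SAMPLE_AUDIT_LOG.splitlines()):
        print(json.dumps(a))
```

Because the decoy Secret is never legitimately read after the kubelet mounts it, the allow-list stays short; the exec subresource is worth flagging separately, since it is the first thing an attacker with a stolen token usually tries.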
Azure Web Application Firewall (WAF) Honeytrap
Configure a decoy Azure WAF with intentionally permissive rules, for example a policy run in Detection mode so that matches are logged but not blocked, to attract attackers. Monitor traffic hitting this WAF to identify malicious patterns and gather intelligence on attack techniques.
Deceptive NTP Server
Set up a fake NTP server that answers queries with deliberately incorrect time values, potentially disrupting attacker scripts or malware that rely on accurate time (scheduled beacons, time-limited tokens, certificate validity checks). Only decoy hosts may be pointed at it: production systems that accept the skewed time will fail Kerberos, TLS and log correlation just as the attacker's tooling does.
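A minimal implementation of the deceptive NTP server, added here as an example and not code from the original page. It builds a mode-4 server reply to a client's mode-3 query, copies the client's transmit timestamp into the originate field so the client accepts the answer, and sets the receive and transmit timestamps to the real time plus a configurable skew. The stratum, reference identifier, precision, skew and port are assumptions.

```python
"""Deceptive NTP server: well-formed replies carrying a skewed clock.

Added example, not from the original page.  Stratum, reference id,
precision and the default skew are assumed.  Binding UDP/123 needs root;
only decoy hosts should be configured to use this server."""
import socket
import struct
import time

NTP_EPOCH_OFFSET = 2208988800        # seconds from 1900-01-01 to 1970-01-01
# RFC 5905 header: LI/VN/Mode, stratum, poll, precision, root delay,
# root dispersion, reference id, then four 64-bit timestamps (48 bytes).
PACKET = struct.Struct("!BBBbIIIQQQQ")


def to_ntp_ts(unix_time: float) -> int:
    """Unix time -> NTP 64-bit timestamp (32-bit seconds, 32-bit fraction)."""
    secs = int(unix_time) + NTP_EPOCH_OFFSET
    frac = int((unix_time - int(unix_time)) * (1 << 32))
    return ((secs & 0xFFFFFFFF) << 32) | (frac & 0xFFFFFFFF)


def from_ntp_ts(ts: int) -> float:
    """NTP 64-bit timestamp -> Unix time."""
    return (ts >> 32) - NTP_EPOCH_OFFSET + (ts & 0xFFFFFFFF) / (1 << 32)


def parse(packet: bytes) -> dict:
    """Decode the fixed 48-byte NTP header into named fields."""
    if len(packet) < PACKET.size:
        raise ValueError("short NTP packet")
    f = PACKET.unpack(packet[:PACKET.size])
    return {
        "li": f[0] >> 6, "version": (f[0] >> 3) & 7, "mode": f[0] & 7,
        "stratum": f[1], "poll": f[2], "precision": f[3],
        "root_delay": f[4], "root_dispersion": f[5], "ref_id": f[6],
        "ref_ts": f[7], "orig_ts": f[8], "recv_ts": f[9], "tx_ts": f[10],
    }


def build_client_request(now: float) -> bytes:
    """What an ordinary client sends: version 4, mode 3, its own tx time."""
    head = (0 << 6) | (4 << 3) | 3
    return PACKET.pack(head, 0, 0, 0, 0, 0, 0, 0, 0, 0, to_ntp_ts(now))


def build_deceptive_reply(request: bytes, real_now: float,
                          skew_seconds: float) -> bytes:
    """Answer a mode-3 query as a mode-4 server whose clock is off by skew."""
    req = parse(request)
    if req["mode"] != 3:
        raise ValueError("not a client request")
    fake_now = real_now + skew_seconds
    # LI=0 (no leap warning), same version as the client, mode 4 (server).
    head = (0 << 6) | (req["version"] << 3) | 4
    ref_id = int.from_bytes(b"GPS\x00", "big")     # assumed: pose as stratum 1
    return PACKET.pack(
        head,
        1,                       # stratum 1: looks authoritative
        req["poll"],             # echo the client's poll interval
        -20,                     # precision ~ 1 microsecond (assumed)
        0,                       # root delay
        0x00000100,              # root dispersion ~ 4 ms
        ref_id,
        to_ntp_ts(fake_now - 16),   # reference timestamp: "synced" 16 s ago
        req["tx_ts"],               # originate = client's transmit (required)
        to_ntp_ts(fake_now),        # receive timestamp
        to_ntp_ts(fake_now),        # transmit timestamp
    )


def serve(bind=("0.0.0.0", 123), skew_seconds=30 * 86400):
    """Answer every query with the skewed clock and log who asked."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(bind)
    while True:
        data, addr = sock.recvfrom(512)
        try:
            reply = build_deceptive_reply(data, time.time(), skew_seconds)
        except ValueError:
            continue             # malformed or non-client packet; ignore
        # Every query to a decoy server is a signal worth recording.
        print(f"ntp query from {addr[0]}:{addr[1]} "
              f"version={parse(data)['version']}")
        sock.sendto(reply, addr)


if __name__ == "__main__":
    serve()
```

The originate-timestamp copy is what makes the deception stick: clients discard replies whose originate field does not match the query they sent, so a decoy that fabricates everything gets silently ignored instead of shifting the attacker's clock.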
Mirrored Network Topology
Create a fake network segment that mirrors the organization's real network topology (the same address plan, host naming and service layout) but is populated with deceptive systems and services. It should be reachable only through paths an intruder would take, and isolated from production so that nothing learned or compromised there carries over to real assets.