This element involves setting up a fake email server that appears legitimate to an attacker but records every connection and message it receives, including phishing attempts and spam, for later analysis.
Tag: EAC0018
Rogue FTP/SFTP Server
This element involves setting up a fake file transfer server (FTP or SFTP) that mimics a legitimate one but captures the credentials attackers present and the files they transfer, and logs their activity.
Mimicked Kubernetes Pods
This element involves deploying decoy Kubernetes pods that look like legitimate workloads but serve planted information or respond deceptively to anyone who interacts with them.
Camouflaged System Files
This element involves creating fake macOS system files that mimic legitimate files but contain deceptive information or trigger alerts upon access.
Rogue Domain Controller
This element involves setting up a fake domain controller that mimics a legitimate one but contains deceptive information or responds in unexpected ways.
Privileged User Account Decoy
This element is a decoy user account that appears to hold elevated privileges within the system. Because no legitimate process uses the account, it is monitored for any login attempt or other activity, which would indicate an attacker probing for unauthorized access.
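As an added example of how such an account is monitored (this is not code from the original page), the Python below scans exported Windows Security events for any authentication activity that names a decoy account. The decoy account names, the keep-alive host and the sample events are constructed for illustration; event IDs 4624, 4625, 4768, 4771 and 4769 are the standard Security log IDs. A decoy that also carries an SPN surfaces Kerberoasting attempts as 4769 events whose ServiceName is the decoy, which is why that event is checked on a different field from the others.

```python
"""Alert on any authentication activity that touches a decoy privileged account.

Added example, not code from the original page. The decoy account names,
the keep-alive host and the sample events are constructed for illustration.
"""
import json
from dataclasses import dataclass

# Decoy accounts that no legitimate process ever authenticates as (hypothetical).
DECOY_ACCOUNTS = {"svc_backup_admin", "da_legacy"}

# A scheduled task on this host logs on as the decoy each night so that its
# lastLogon timestamp does not betray it as unused. Only that successful logon
# is expected; anything else, even from this host, is still alerted.
KEEPALIVE_HOSTS = {"MGMT01"}

# Security event IDs whose TargetUserName is the principal being authenticated.
TARGET_EVENTS = {
    4624: "successful logon",
    4625: "failed logon",
    4768: "Kerberos TGT request",
    4771: "Kerberos pre-authentication failure",
}
# 4769 names the *service* account in ServiceName: a decoy that carries an SPN
# shows up here when someone requests a service ticket for it (Kerberoasting).
SERVICE_EVENTS = {4769: "service ticket request (Kerberoast candidate)"}


@dataclass
class Alert:
    event_id: int
    account: str
    source: str
    reason: str


def normalize(name: str) -> str:
    """Drop a DOMAIN prefix or @REALM suffix and lower-case: 'CORP\\DA_Legacy' -> 'da_legacy'."""
    name = name.rsplit("\\", 1)[-1]
    name = name.split("@", 1)[0]
    return name.strip().lower()


def check_event(ev: dict):
    """Return an Alert if this Security event involves a decoy account, else None."""
    eid = ev.get("EventID")
    if eid in TARGET_EVENTS:
        account, reason = normalize(ev.get("TargetUserName", "")), TARGET_EVENTS[eid]
    elif eid in SERVICE_EVENTS:
        account, reason = normalize(ev.get("ServiceName", "")), SERVICE_EVENTS[eid]
    else:
        return None
    if account not in DECOY_ACCOUNTS:
        return None
    source = ev.get("WorkstationName") or ev.get("IpAddress") or "unknown"
    if eid == 4624 and source.upper() in KEEPALIVE_HOSTS:
        return None  # the keep-alive job's own logon is the one expected event
    return Alert(eid, account, source, reason)


def scan(lines):
    """Run check_event over JSON-lines Security events and collect the alerts."""
    alerts = []
    for line in lines:
        if line.strip():
            alert = check_event(json.loads(line))
            if alert is not None:
                alerts.append(alert)
    return alerts


# Constructed sample events in the shape of exported Security log records.
SAMPLE_EVENTS = r"""
{"EventID": 4624, "TargetUserName": "CORP\\svc_backup_admin", "WorkstationName": "MGMT01", "IpAddress": "10.0.0.10"}
{"EventID": 4624, "TargetUserName": "jsmith", "WorkstationName": "WS042", "IpAddress": "10.0.5.23"}
{"EventID": 4625, "TargetUserName": "svc_backup_admin", "WorkstationName": "", "IpAddress": "10.0.5.23"}
{"EventID": 4768, "TargetUserName": "da_legacy@CORP.LOCAL", "IpAddress": "10.0.5.23"}
{"EventID": 4769, "TargetUserName": "jsmith@CORP.LOCAL", "ServiceName": "svc_backup_admin", "IpAddress": "10.0.5.23"}
{"EventID": 4769, "TargetUserName": "jsmith@CORP.LOCAL", "ServiceName": "krbtgt", "IpAddress": "10.0.5.23"}
"""

if __name__ == "__main__":
    for a in scan(SAMPLE_EVENTS.splitlines()):
        print(f"[{a.event_id}] {a.reason}: decoy '{a.account}' from {a.source}")
```

Failed logons and ticket requests that never turn into a logon are alerted alongside successes, because the only party with a reason to present the decoy's name to a domain controller is someone who has enumerated it. The keep-alive logon is the single expected event; if it fires from any other host, or with any other event ID, it is still reported.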
Encrypted File Server Honeytrap
This element is a decoy file server that appears to contain sensitive data, but in reality, it’s filled with fabricated information. The server is encrypted and requires specific credentials to access, making it seem even more enticing to attackers. Any attempt to access or interact with this server will trigger an alert, signaling a potential breach.
Deceptive LDAP Responses
Goal: To identify attackers attempting to gather information about Active Directory objects or to exploit vulnerabilities in the LDAP protocol.
Approach: Monitoring LDAP queries and analyzing attacker behavior. This element involves configuring a deceptive LDAP server that responds to specific queries with misleading or deceptive information.
Attackers who attempt to interact with the deceptive LDAP server will be identified and their actions will be logged. This information can be used to improve defenses and make it more difficult for attackers to compromise the Active Directory environment.
Fake Active Directory Domain Controller
Goal: To identify attackers attempting to enumerate or modify Active Directory objects.
Approach: Monitoring access to the fake domain controller and analyzing attacker behavior. This element involves setting up a fake domain controller that mimics a legitimate one but contains deceptive information, such as fake user accounts or group memberships.
Attackers who attempt to interact with the fake domain controller will be identified and their actions will be logged. This information can be used to improve defenses and make it more difficult for attackers to compromise the Active Directory environment.
Fake Kubernetes Secrets
Goal: To identify attackers attempting to steal sensitive information stored as Kubernetes secrets.
Approach: Monitoring access to the fake secrets and analyzing attacker behavior. This element involves creating fake Kubernetes secrets that mimic legitimate secrets but contain misleading or deceptive information.
Attackers who attempt to access or exfiltrate the fake secrets will be identified and their actions will be logged.
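As an added example that is not part of the original page, the following Python flags reads of planted decoy Secrets in the Kubernetes API server audit log. The decoy names, the allowlisted identities and the sample audit events are constructed. It assumes the audit policy logs the `secrets` resource at level Metadata or higher, so that the namespace and name appear in `objectRef` (the Secret's contents are not written to the log at that level).

```python
"""Flag reads of planted decoy Secrets in the Kubernetes API server audit log.

Added example, not code from the original page. The decoy names, the
allowlisted identities and the sample audit events are constructed.
Assumes an audit policy that logs the secrets resource at level Metadata
or higher, for example:

    - level: Metadata
      resources:
        - group: ""
          resources: ["secrets"]
"""
import json

# (namespace, name) of each planted decoy Secret (hypothetical values).
DECOY_SECRETS = {
    ("payments", "stripe-live-api-key"),
    ("kube-system", "cluster-admin-backup-token"),
}
DECOY_NAMESPACES = {ns for ns, _ in DECOY_SECRETS}

# Identities expected to read Secrets: the job that refreshes the decoys and
# the controller manager, whose token controller watches Secrets cluster-wide.
# Baseline the cluster and extend this set before trusting the output.
ALLOWED_USERS = {
    "system:serviceaccount:deception:rotator",
    "system:kube-controller-manager",
}

# Verbs that return Secret contents. list and watch return every Secret in
# the namespace (or cluster), so they expose a decoy without naming it.
READ_VERBS = {"get", "list", "watch"}


def check_event(ev: dict):
    """Return an alert dict if this audit event reads a decoy Secret, else None."""
    # Every request is logged at RequestReceived and ResponseComplete; score once.
    if ev.get("stage") != "ResponseComplete":
        return None
    ref = ev.get("objectRef") or {}
    if ref.get("resource") != "secrets" or ev.get("verb") not in READ_VERBS:
        return None
    ns, name = ref.get("namespace"), ref.get("name")
    if name:
        hit = (ns, name) in DECOY_SECRETS
    else:
        # Unnamed list/watch: cluster-wide (ns is None) or inside a decoy's namespace.
        hit = ns is None or ns in DECOY_NAMESPACES
    if not hit:
        return None
    user = (ev.get("user") or {}).get("username", "")
    if user in ALLOWED_USERS:
        return None
    code = (ev.get("responseStatus") or {}).get("code")
    return {
        "user": user,
        "verb": ev["verb"],
        "namespace": ns,
        "name": name,  # None for a list/watch
        "source_ips": ev.get("sourceIPs", []),
        "user_agent": ev.get("userAgent", ""),
        # A denied (403) request is still worth an alert: the decoy's name is
        # only known to someone already enumerating the namespace.
        "denied": code == 403,
    }


def scan(lines):
    """Run check_event over JSON-lines audit events and collect the alerts."""
    return [a for a in (check_event(json.loads(l)) for l in lines if l.strip()) if a]


# Constructed sample audit events (audit.k8s.io/v1 shape, trimmed to the fields used).
SAMPLE_AUDIT_LOG = r"""
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"RequestReceived","verb":"get","user":{"username":"system:serviceaccount:payments:web"},"objectRef":{"resource":"secrets","namespace":"payments","name":"stripe-live-api-key"},"sourceIPs":["10.244.1.17"],"userAgent":"kubectl/v1.29.0"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"get","user":{"username":"system:serviceaccount:payments:web"},"objectRef":{"resource":"secrets","namespace":"payments","name":"stripe-live-api-key"},"sourceIPs":["10.244.1.17"],"userAgent":"kubectl/v1.29.0","responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"list","user":{"username":"jane@example.com"},"objectRef":{"resource":"secrets","namespace":"payments"},"sourceIPs":["203.0.113.9"],"userAgent":"kubectl/v1.29.0","responseStatus":{"code":403}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"get","user":{"username":"system:serviceaccount:payments:web"},"objectRef":{"resource":"secrets","namespace":"payments","name":"db-password"},"responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"get","user":{"username":"system:serviceaccount:deception:rotator"},"objectRef":{"resource":"secrets","namespace":"kube-system","name":"cluster-admin-backup-token"},"responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"watch","user":{"username":"system:kube-controller-manager"},"objectRef":{"resource":"secrets"},"responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"list","user":{"username":"jane@example.com"},"objectRef":{"resource":"secrets","namespace":"default"},"responseStatus":{"code":200}}
"""

if __name__ == "__main__":
    for a in scan(SAMPLE_AUDIT_LOG.splitlines()):
        print(f"{a['user']} {a['verb']} {a['namespace']}/{a['name']} denied={a['denied']} from {a['source_ips']}")
```

Two design points matter in practice. A `list` or `watch` on a namespace returns every Secret in it, so those verbs are treated as touching the decoy even though the event names no object; without that, an attacker running `kubectl get secrets -n payments` would never trip the alert. And because system components legitimately read Secrets (the token controller inside kube-controller-manager watches them cluster-wide), the allowlist has to be baselined against the real cluster before the output is trusted; a workload service account pulling a decoy it has no business reading, as in the first alert above, is the signal this element is built to produce.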