Deceptive Firewall Rules

Goal: Disrupt attacker reconnaissance and lateral movement by configuring deceptive firewall rules.

Approach: Creating firewall rules that mislead attackers about network segmentation and access controls.

Configure firewall rules that appear to block access to critical systems or sensitive data, but actually redirect traffic to honeypots or decoy networks. This can mislead attackers about the network topology and hinder their progress.

Fake RDP Honeypots

Goal: Lure attackers attempting to use RDP for lateral movement and gather information about their tools and techniques.

Approach: Deploying and monitoring fake RDP servers.

Set up decoy RDP servers that mimic legitimate systems but capture the credentials attackers submit, log their keystrokes, or redirect the session to a controlled environment.
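The monitoring half of this technique, as an added example that is not part of the original page: it parses the first packet an RDP client sends to a decoy (TPKT header plus X.224 Connection Request) and turns it into an alert record. The function names, alert fields, and sample addresses are assumptions made for illustration, and the sample packet is constructed, not captured traffic.

```python
import struct

COOKIE = b"Cookie: mstshash="

def parse_connection_request(data: bytes) -> dict:
    """Parse TPKT + X.224 Connection Request, the first packet an RDP client sends."""
    if len(data) < 11 or data[0] != 0x03:
        raise ValueError("not a TPKT packet")
    (tpkt_len,) = struct.unpack(">H", data[2:4])
    if not 11 <= tpkt_len <= len(data):
        raise ValueError("malformed or truncated TPKT length")
    if data[5] & 0xF0 != 0xE0:
        raise ValueError("not an X.224 Connection Request")
    body = data[11:tpkt_len]  # skip 4-byte TPKT and 7-byte X.224 header
    out = {"cookie_user": None, "requested_protocols": None}
    if body.startswith(COOKIE):
        end = body.find(b"\r\n")
        if end == -1:
            raise ValueError("unterminated cookie")
        # Client-supplied username hint; unauthenticated, but useful telemetry.
        out["cookie_user"] = body[len(COOKIE):end].decode("ascii", "replace")
        body = body[end + 2:]
    if len(body) >= 8 and body[0] == 0x01:  # RDP_NEG_REQ structure
        _type, _flags, length, protocols = struct.unpack("<BBHI", body[:8])
        if length == 8:
            out["requested_protocols"] = protocols
    return out

def decoy_alert(src_ip: str, first_packet: bytes) -> dict:
    """A decoy has no legitimate users, so every connection becomes an alert."""
    alert = {"src_ip": src_ip, "decoy": "rdp", "kind": "rdp_connect"}
    try:
        alert.update(parse_connection_request(first_packet))
    except ValueError as exc:
        # Port scanners and non-RDP probes still count as decoy contact.
        alert.update(kind="non_rdp_probe", error=str(exc))
    return alert

def build_sample(user: str) -> bytes:
    """Constructed sample packet for offline testing (not captured traffic)."""
    payload = COOKIE + user.encode("ascii") + b"\r\n" + struct.pack("<BBHI", 1, 0, 8, 3)
    x224 = bytes([6 + len(payload), 0xE0]) + b"\x00" * 5
    return b"\x03\x00" + struct.pack(">H", 4 + len(x224) + len(payload)) + x224 + payload

if __name__ == "__main__":
    print(decoy_alert("192.0.2.10", build_sample("svc_backup")))
    print(decoy_alert("192.0.2.11", b"GET / HTTP/1.0\r\n\r\n"))
```

The `cookie_user` value shows which account name the client tried, which helps tie decoy contact back to a possibly compromised credential elsewhere in the environment.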

Deceptive MFA Prompts

Goal: Disrupt and delay attackers attempting to bypass Multi-Factor Authentication (MFA).

Approach: Presenting attackers with deceptive MFA prompts.

When an attacker attempts to log in, present them with an unexpected MFA prompt, even if they have valid credentials. This can be a fake push notification, a request for a non-existent biometric scan, or a challenge question with no right answer.

Deception-as-a-Service (DaaS) Platform

Goal: Offer a comprehensive platform for deploying and managing deception campaigns.

Approach: Planning and designing deception strategies based on organizational needs.

This element provides a centralized platform for deploying and managing deception campaigns. It includes tools for creating and customizing deception assets, deploying them across the network, and monitoring their interactions with adversaries.