Kerberos – D E C E I V E R . I O

Deceive, Detect, Engage

Deceptive Kerberos Server

Goal: To gather information about attackers attempting to exploit Kerberos vulnerabilities and detect their presence.

Approach: Monitoring access to the deceptive Kerberos server and analyzing attacker behavior.

Attackers who attempt to use the fake Kerberos server for authentication or ticket manipulation will be misled, and their actions will be logged.

Deceptive Kerberos Authentication

Goal: Detect attackers attempting to exploit Kerberos for privilege escalation or lateral movement.

Approach: Creating deceptive Kerberos services or accounts to lure attackers and monitor their activities.

Deploy fake Kerberos services or configure deceptive service principal names (SPNs) that appear to grant access to sensitive resources or systems. Monitor these for unauthorized access attempts or suspicious Kerberos ticket requests.

Tag: Kerberos

Deceptive Kerberos Server

Deceptive Kerberos Authentication

ORION Detlab: Forging Resilient Detections in the HEFAISTOS Ecosystem

The Maieutic Engine: Birth of a New Detection Engineering Paradigm

The Forge, The Guide, and The Hunter: Unifying Detection Engineering with the Mythological Triad of HEFAISTOS, KEDALION, and ORION

Dendrite: Bridging the Synaptic Gap Between External Intelligence and Internal Defense