Goal: To identify attackers attempting to execute unauthorized shell commands.
Approach: Monitoring command execution and analyzing attacker behavior. This element involves creating deceptive shell commands that mimic legitimate commands but return misleading or deceptive information or trigger alerts.
Attackers who attempt to execute the deceptive shell commands will be identified and their actions will be logged. This information can be used to improve defenses and make it more difficult for attackers to interact with the system.