adam's notes

Deception Technologies

Deception and disruption technologies are powerful cybersecurity resilience tools that significantly increase the attacker’s cognitive load and resource expenditure by forcing them to constantly adapt their tactics, techniques, and procedures (TTPs).

  • increases the cost of attack planning for threat actor
  • deception examples
    • honeypot/honeynet/honeyfiles
  • disruption
    • adopt some of the obfuscation strategies used by malicious actors
    • aim is to raise the attack cost and tie up the adversary’s resources
    • e.g.,
      • Using bogus DNS entries to list multiple hosts that do not exist
      • Configuring a web server with multiple decoy directories or dynamically generated pages to slow down scanning
      • Using port triggering or spoofing to return fake telemetry data when a host detects port scanning activity
        • result in multiple ports being falsely reported as open and slow down the scan
      • Using a DNS sinkhole to route suspect traffic to a different network, such as a honeynet, where it can be analyzed
        • A temporary DNS record that redirects malicious traffic to a controlled IP address

Honeypot

honeypot is a decoy computer system designed to attract attackers.

  • provide early warning of attack attempts and valuable insights into attacker behavior
    • by analyzing attack strategy and tools
  • honeynet is an entire decoy network
    • may be set up as an actual network or simulated using an emulator
  • likely to be located in:
    • a protected but untrusted area between the Internet and the private network
    • a closely monitored and filtered segment within the private network itself
  • provides early warning and evidence of whether a threat actor has penetrated a security zone
  • tools:
    • PenTBox

Graph View

Backlinks