The Dungeon Master's Guide to Deception In Depth
Deception is finally ready for primetime. There were so many talks on cyber deception at GrrCON this year it could have been called DeceptiCON. 🤖
Honeytokens and honeypots managed from a central dashboard provide a platform capable of deploying and maintaining thousands of deception artifacts across corporate networks. 🍯
When combined with the MITRE Engage framework, practitioners can create targeted campaigns to deceive and deny their most advanced adversaries (and anyone else unlucky enough to stumble into the environment). 🕸
I've posted my slides along with links to some of the best research and open-source tools. My next project is to create a platform-agnostic MITRE Engage "Starter Campaign" targeting active ransomware threat actors. Getting started is the hardest part, so that should give everyone an on-ramp. 🛫
SOURCES
MITRE Engage is a framework for planning and discussing adversary engagement operations that empowers you to engage your adversaries and achieve your cybersecurity goals. The project contains a wealth of tools, including an engagement handbook, Engage Matrix, Engage to ATT&CK mapping, and much more. The Community Spotlight page links to interesting research.
“She Doesn’t Even Go Here”: Using Denial, Deception, and Adversary Engagement for Defense — MITRE Engage / HSBC, ShmooCon 2022. Fundamental viewing.
I Watched You Roll the Die: Unparalleled RDP Monitoring Reveal Attackers' Tradecraft — Olivier Bilodeau and Andréanne Bergeron (GoSecure), Black Hat USA 2023.
Three Decades of Deception Techniques in Active Cyber Defense — Li Zhang and Vrizlynn L. L. Thing, 2021. A helpful summation of hundreds of sources.
Imposing a Cyber Penalty Against Attackers with Cyber Deception — Kimberly Ferguson-Walker, 2022. Discusses results from the Tularosa Study on the powerful effects cyber deception has on attackers' perceptions.
Lamboozling Attackers: A New Generation of Deception — Kelly Shortridge and Ryan Petrich, 2021.
Deception Research — National Security Agency, Next Wave, Vol. 23, No. 1, 2021.
Dungeons & Dragons: Dungeons of Dread — Gary Gygax and Lawrence Schick ($)
Cyber Denial, Deception and Counter Deception: A Framework for Supporting Active Cyber Defense — Kristin Heckman, et al., 2015 ($)
OPEN-SOURCE TOOLS
ADHD (Active Defense Harbinger Distribution)
ADHD is an Ubuntu VM containing 26 tools sorted into the following categories: Annoyance, Attribution, and Attack. Black Hills and John Strand maintain the project and documentation. Links: Download ADHD | Usage Doc | On-Demand training ($).
Canarytokens.org
“Canarytokens are a free, quick, painless way to help defenders discover they've been breached (by having attackers announce themselves.)” Create your own at canarytokens.org. Documentation found here.
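As an added illustration of the honeytoken mechanism that Canarytokens and the dashboard-managed platforms above rely on (example code written for this post, not from canarytokens.org or any product): mint a decoy AWS-style key that no legitimate user holds, register it centrally, and match access-log lines against the registry so that any use of the decoy raises an alert naming the lure and the source. The log format, the in-memory registry and the lure locations are assumptions for the demo.

```python
import re
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Honeytoken:
    value: str       # unique secret that no legitimate user ever holds
    planted_at: str  # where the lure was placed, so an alert names the decoy taken

def mint_honeytoken(planted_at: str) -> Honeytoken:
    # AKIA prefix mimics a real AWS access key id; the rest is random, so it cannot
    # collide with a real key and any use of it is hostile by definition.
    return Honeytoken(value="AKIA" + secrets.token_hex(8).upper(), planted_at=planted_at)

def build_registry(tokens) -> dict:
    # The "central dashboard" side: token value -> metadata (assumed in-memory here).
    return {t.value: t for t in tokens}

# Constructed, simplified access-log format: "<ts> <event> key=<id> src=<ip>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<event>\S+) key=(?P<key>\S+) src=(?P<src>\S+)$")

def scan_log(lines, registry) -> list:
    """Return one alert per log event that presents a known honeytoken; ignore the rest."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip it rather than crash the detector
        tok = registry.get(m["key"])
        if tok is None:
            continue  # unknown key: legitimate traffic, not a decoy
        alerts.append({"ts": m["ts"], "event": m["event"],
                       "src": m["src"], "lure": tok.planted_at})
    return alerts

def demo() -> list:
    # Two lures planted in different places, then a constructed log in which an
    # intruder reads the fileserver lure and tries its key from an outside address.
    share = mint_honeytoken("fileserver:/share/it/aws-backup.txt")
    laptop = mint_honeytoken("ceo-laptop:~/.aws/credentials")
    registry = build_registry([share, laptop])
    log = [
        "2024-05-01T10:00:00Z ListBuckets key=AKIAREALKEYEXAMPLE1 src=10.0.0.5",
        f"2024-05-01T10:05:12Z GetCallerIdentity key={share.value} src=203.0.113.9",
        "not a log line",
        f"2024-05-01T10:05:40Z ListBuckets key={share.value} src=203.0.113.9",
    ]
    return scan_log(log, registry)  # two alerts, both from 203.0.113.9
```

Because the key is never issued to anyone legitimate, the detector needs no baseline or tuning: one match is a confirmed incident, which is what makes honeytokens such a low-noise signal.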