Outsmarting Threat Actors Flashcards
These are specific methods and patterns of activities or behaviors associated with a particular threat actor or group of threat actors.
Tactics, Techniques, and Procedures (TTPs)
How do we learn a threat actor's TTPs? These technologies are designed to mislead, confuse, and divert attackers from critical assets while simultaneously detecting and neutralizing threats.
Deception and Disruption Technologies
What are the most commonly used Deception Technologies?
Honeypot, Honeynet, Honeyfile, Honeytoken
This is a decoy system or network set up to attract potential hackers.
Honeypot
This deception technology mimics an entire network to study behaviors of threat actors.
Honeynet
This deception technology uses decoy files. They are placed within a system to lure in potential attackers. These serve as a trap to enumerate attackers. They can be embedded in many files including: Word Docs, Excel Spreadsheets, Presentations, Images, Database files, and executables.
Honeyfile
This deception technology is a piece of data or a resource that has no legitimate value or use but is monitored for any access or use.
Honeytoken
What are some disruption technologies?
Bogus DNS, Decoy Directories, Dynamic Page Generation, Port Triggering, Fake Telemetry Data
What is a disruption technology that uses a fake DNS entry that is introduced into a system’s DNS server?
Bogus DNS
What is a disruption technology that uses fake folders and files placed within a system’s storage?
Decoy Directories
What is a disruption technology used in websites to present ever-changing content to web crawlers to confuse and slow down the threat actor?
Dynamic Page Generation
What is a disruption technology that uses a security mechanism to watch specific services or ports on a network device, keeping them closed until a specific outbound traffic pattern is detected?
Port Triggering
What is a disruption technology that can respond to an attacker's network scan attempt by sending out fake telemetry or network data?
Fake Telemetry Data