Outsmarting threat actors Flashcards
SY0-701
TTP (Tactics, techniques and procedures)
Methods and patterns of activity or behavior associated with a particular threat actor or group of threat actors.
Deception and disruption technology
Technologies designed to mislead, confuse, and divert attackers away from critical assets, while detecting and neutralizing threats.
Honeypot
Decoy system or network designed to attract a potential attacker. It is designed not to block the attacker but to gather data on the attacker's tactics, and it logs all transactions and actions.
Where to install
In an enterprise network, place it within a screened subnet (DMZ) or an isolated segment that is easily reachable by potential attackers. The isolation matters: an attacker who compromises the honeypot must not be able to pivot from it into production systems.
Honeynet
A network of honeypots that together create a more complex system designed to mimic an entire network. It also logs all activity, both successful and unsuccessful. Risk: if it mirrors the real environment too closely, an attacker can use it to learn how the real network is laid out, so it must be isolated and must not contain real data.
Honeyfile
Decoy file placed within a system to lure potential attackers. It contains what appears to be sensitive data, and any access to it raises an alert to the security team. A poorly constructed honeyfile can give the attacker real information about the network, so it must contain only fabricated data.
Types of honeyfiles
Word documents, spreadsheets, presentation files, images, database files, executables. Typically embedded among legitimate files rather than hidden, and placed loosely enough that an attacker browsing the system will find them.
Honeytoken
A piece of data or a resource (for example a fake credential or API key) that has no legitimate value or use, and is monitored so that any access to it indicates malicious activity.
Types of strategies that work in conjunction
Bogus DNS entries, decoy directories, dynamic page generation, and port triggering.
Bogus DNS
Fake DNS entries introduced into a system's DNS server. No legitimate process resolves these names, so a query for one signals an attacker enumerating the environment.
Decoy directories
Fake folders and files placed within a system's storage. The system raises an alert when they are accessed.
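The honeyfile, honeytoken and decoy-directory cards above all come down to the same detection rule: register the decoys, then alert on any access to them that is not from a known maintenance account. The following is an added example, not code from the flashcards or from any product, and every path, token, account name and log line in it is constructed for illustration. It parses a simplified key=value audit feed (a real deployment would read auditd, file-server or API-gateway logs) and returns one alert per decoy touch.

```python
"""Alert on access to registered decoys (honeyfiles, decoy directories, honeytokens)."""
import re
from dataclasses import dataclass

# Decoys registered with the monitor. Paths and tokens are made up for this example;
# a real deployment would load them from the deception platform's inventory.
DECOY_FILES = {
    "/srv/finance/Q3_payroll_FINAL.xlsx": "honeyfile",
    "/srv/it/vpn-credentials.txt": "honeyfile",
}
DECOY_DIRS = {
    "/srv/it/old_admin_scripts": "decoy directory",
}
HONEYTOKENS = {
    "HT-4F2A-9C1B-DEADBEEF": "honeytoken (fake API key)",
}
# Accounts allowed to touch decoys without raising an alert: backup and AV jobs read
# every file on the share and would otherwise page the SOC on every run.
SUPPRESSED_USERS = {"backupsvc"}

_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass(frozen=True)
class Alert:
    ts: str
    host: str
    user: str
    kind: str
    indicator: str


def parse_line(line: str) -> dict:
    """Parse '<timestamp> key=value key="quoted value" ...' into a dict."""
    ts, _, rest = line.partition(" ")
    fields = {"ts": ts}
    for key, val in _KV.findall(rest):
        fields[key] = val.strip('"')
    return fields


def classify(fields: dict, raw: str):
    """Return (kind, indicator) if the event touches a decoy, else None."""
    path = fields.get("path")
    if path:
        if path in DECOY_FILES:
            return DECOY_FILES[path], path
        for d, kind in DECOY_DIRS.items():
            # Exact directory or anything beneath it; '/old_admin_scripts_archive' must not match.
            if path == d or path.startswith(d.rstrip("/") + "/"):
                return kind, path
    # A token can surface in any field (URL, header, query string), so scan the whole line.
    for token, kind in HONEYTOKENS.items():
        if token in raw:
            return kind, token
    return None


def detect(lines) -> list:
    """Return an Alert for every log line that touches a decoy, minus suppressed accounts."""
    alerts = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        f = parse_line(raw)
        user = f.get("user", "?")
        hit = classify(f, raw)
        if hit is None or user in SUPPRESSED_USERS:
            continue
        kind, indicator = hit
        alerts.append(Alert(f["ts"], f.get("host", "?"), user, kind, indicator))
    return alerts


# Constructed sample events (not real logs): a file-server audit feed plus one API-gateway line.
SAMPLE_LOG = """\
2024-05-01T10:02:13Z host=fs01 user=alice action=open path=/srv/finance/Q3_payroll_FINAL.xlsx
2024-05-01T10:02:14Z host=fs01 user=alice action=open path=/srv/finance/Q3_budget.xlsx
2024-05-01T22:00:01Z host=fs01 user=backupsvc action=read path=/srv/finance/Q3_payroll_FINAL.xlsx
2024-05-02T03:41:09Z host=fs01 user=bob action=list path=/srv/it/old_admin_scripts/reset_all.ps1
2024-05-02T03:42:30Z host=api01 user=anonymous action=api_call url="/v1/export?key=HT-4F2A-9C1B-DEADBEEF"
"""

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG.splitlines()):
        print(f"{a.ts} {a.host} {a.user} -> {a.kind}: {a.indicator}")
```

Because a decoy has no legitimate use, a single hit is high-fidelity; the only tuning needed is the suppression list for jobs that legitimately touch every file, and that list should be short and reviewed, since an attacker running as the backup account would otherwise go unnoticed.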
Dynamic page generation
Used in websites to present ever-changing content to web crawlers in order to confuse and slow down the threat actor.
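One common way to build the dynamic-page trap described above is a "spider trap": every URL under a decoy prefix renders a plausible page whose links point to still more decoy URLs, so an attacker's crawler never runs out of pages. The following is an added example, not code from the flashcards or from any product; the prefix, secret and word list are made up for illustration. Pages are derived from an HMAC of the URL so that a re-fetched URL looks like a stable static page while every URL differs.

```python
"""Spider-trap style dynamic page generation for a decoy section of a website."""
import hashlib
import hmac
import random
from typing import Optional

# Hypothetical settings for this example. The prefix would be listed under Disallow in
# robots.txt and linked only from hidden markup, so well-behaved crawlers and humans never enter it.
LABYRINTH_PREFIX = "/archive/"
SERVER_SECRET = b"constructed-secret-rotate-in-production"
LINKS_PER_PAGE = 8
_WORDS = ["report", "archive", "minutes", "backup", "draft", "ledger", "export", "index",
          "quarterly", "internal", "revision", "summary"]


def _page_rng(path: str) -> random.Random:
    """Seed a PRNG from HMAC(secret, path): the same URL always renders the same page,
    different URLs render different pages, and the mapping is unpredictable without the secret."""
    digest = hmac.new(SERVER_SECRET, path.encode(), hashlib.sha256).digest()
    return random.Random(int.from_bytes(digest[:8], "big"))


def decoy_links(path: str, n: int = LINKS_PER_PAGE) -> list:
    """Outgoing links for the page at `path`; every one stays inside the labyrinth."""
    rng = _page_rng(path)
    links = []
    for _ in range(n):
        slug = "-".join(rng.choice(_WORDS) for _ in range(2))
        links.append(f"{LABYRINTH_PREFIX}{slug}-{rng.randrange(1000, 9999)}.html")
    return links


def render_decoy_page(path: str) -> str:
    """Plausible-looking HTML: a title, filler text and a list of links deeper into the trap."""
    rng = _page_rng(path)
    links = decoy_links(path)
    title = " ".join(rng.choice(_WORDS) for _ in range(3)).title()
    body = " ".join(rng.choice(_WORDS) for _ in range(120))
    items = "\n".join(f'<li><a href="{l}">{l.rsplit("/", 1)[-1]}</a></li>' for l in links)
    return (f"<!doctype html><html><head><title>{title}</title></head><body>"
            f"<h1>{title}</h1><p>{body}</p><ul>\n{items}\n</ul></body></html>")


def handle_request(path: str) -> Optional[str]:
    """Return a decoy page for labyrinth URLs and None for everything else (served normally)."""
    if not path.startswith(LABYRINTH_PREFIX):
        return None
    return render_decoy_page(path)


if __name__ == "__main__":
    # Walk the trap the way a crawler would; the frontier never empties on its own.
    seen, frontier = set(), [LABYRINTH_PREFIX + "index.html"]
    while frontier and len(seen) < 50:
        url = frontier.pop()
        seen.add(url)
        frontier.extend(l for l in decoy_links(url) if l not in seen)
    print(f"visited {len(seen)} decoy pages, {len(frontier)} still queued")
```

In production the handler would also add a per-response delay (a tarpit) so each fetch costs the crawler time, and the prefix must be excluded from search engines and from legitimate navigation so real users and indexers are never caught in it.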
Port triggering
Security mechanism where specific services or ports on a network device remain closed until a specific outbound traffic pattern is detected.
Fake telemetry data
A system can respond to an attacker's network scan by sending out fake telemetry or network data, so that the attacker plans further activity around a false picture of the environment.