As an open-source, modular tool, Autre enables the automatic burn-in of deception hosts based on Windows system types. By using generative capabilities, the framework aims to reduce the complexity of orchestrating deception hosts at scale while also enabling diversity and randomness in the process.
Autre performs several actions to automate the setup of deception hosts by simulating the real-time activity of users. The goal is to create a realistic environment that deceives potential intruders into believing that they are being watched. Sinon’s modular, adaptable nature allows a variety of changes and randomizations, which makes each deployment distinct.
To ensure that this research fits within the overall narrative presented by the defenders, part of it examined the MITRE Engage framework, which describes technical capabilities for setting up a decoy host so that it fits within that narrative. Influencing, persuading, and motivating an adversary is the key to selecting and collecting the appropriate data to close the identified intelligence gaps.
As described in MITRE Engage, it is not uncommon for organizations to develop deception decoys using a method that is almost completely manual, similar to the approach used by other organizations. To automate decoy interacti
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents