Focus Areas:
Identity & Access Management
,
Incident Response
This Tool Demo covers following tools where the speaker has contributed or authored
HUGINN
HUGINN
Abstract
Huginn helps realise strategic adversary deception concepts from the MITRE Engage framework and the European Central Bank’s cyber resilience report using novel techniques and an open-source program.
We demonstrate creation and monitoring of the following decoy assets during this presentation:
- Certificate Templates (ESC4 & ESC1)
- Computer Object Take-over via RBCD
- Decoy Users
- Decoy Object ACLs
- Retrieve GMSA Passwords
Our objectives are to:
- Reduce the security posture requirements for engaging in cyber deception.
- Balance the intrinsic asymmetry of cyber-attacks by raising high-fidelity alerts around advanced attacker activity.
- Impose cost by embedding high-value deception artefacts within critical attack paths.