Abstract
Huginn helps realise strategic adversary deception concepts from the MITRE Engage framework and the European Central Bank’s cyber resilience report using novel techniques and an open-source program.
We demonstrate creation and monitoring of the following decoy assets during this presentation:
- Certificate Templates (ESC4 & ESC1)
- Computer Object Take-over via RBCD
- Decoy Users
- Decoy Object ACLs
- gMSA Password Retrieval
Our objectives are to:
- Reduce the security posture requirements for engaging in cyber deception.
- Balance the intrinsic asymmetry of cyber-attacks by raising high-fidelity alerts around advanced attacker activity.
- Impose cost by embedding high-value deception artefacts within critical attack paths.