TTPwire Vol. 1 · MITRE ATT&CK·Tagged

Black Hills InfoSec

Deceptive-Auditing: An Active Directory Honeypots Tool

BHIS · 2026-01-07

ATT&CK techniques detected

4 predictions
T1098 Account Manipulation
76%
"these, the –spn parameter allows you to tie the user to an intriguing service principal name. if you want to set up a privileged decoy user, there is a separate function called deploy-privilegeduserdeception. this function contains a –protection parameter which allows you to …"
T1548.002 Bypass User Account Control
65%
"a sacl (system access control list) and dacl (discretionary access control list). both acls hold aces (access control entry) which determine permissions for object and auditing for the object. the dacl will determine who can access the object: user1 can read the object, us…"
T1558.003 Kerberoasting
53%
"##perty once applying the audit rule with deploy-userdeception, any attempt to enumerate the user will trigger a 4662 event, pictured below. deploy-userdeception has some parameters to make this user more appealing. the userflag parameter has multiple options. - - doesnotrequ…"
T1558 Steal or Forge Kerberos Tickets
39%
"##perty once applying the audit rule with deploy-userdeception, any attempt to enumerate the user will trigger a 4662 event, pictured below. deploy-userdeception has some parameters to make this user more appealing. the userflag parameter has multiple options. - - doesnotrequ…"

Summary

Deceptive-Auditing is a tool that deploys Active Directory honeypots and automatically enables auditing for those honeypots.

The post Deceptive-Auditing: An Active Directory Honeypots Tool appeared first on Black Hills Information Security, Inc.