The Threat Hunting Shift Part 3: Adversarial Framework for Tactical Cyber Defense Operations I

In Part 3 of the Threat Hunting Shift, I will introduce an Adversarial Framework for Tactical Cyber Defense Operations. Part 4 will complete the introduction to the framework and Part 5 will further delve into the details of it. I’m a “biggerpicturist” 🪐; I’m always trying to connect the dots in everything I do, and this framework is the product of a lot of sense-making I’ve been working on for the last 8 months....

January 8, 2023 · 22 min · Diego Perez @darkquassar

The Threat Hunting Shift Part 4: Adversarial Framework for Tactical Cyber Defense Operations II

Continuing from Threat Hunting Shift Part 3, we will now introduce the Defend and Design domains. So without further ado, let’s dig into it! Note: If you haven’t read the previous post, where I present the Discover and Disrupt domains, I advise you to head there and give it a quick read ;)

Defend

Warlords who have mastered defense, attack from hidden places and assure their own success. They know when, where, and how to make an attack while defending their positions at the same time....

January 9, 2023 · 10 min · Diego Perez @darkquassar

The Threat Hunting Shift: The Way of the Intercepting Fist. Part 2.

All warfare is based on deception. Hence, when able to attack, we must seem unable; when using our forces, we must seem inactive; when we are near, we must make the enemy believe we are far away; when far away, we must make him believe we are near.

Sun Tzu

In our previous post I provided background around the industry’s concept of threat hunting as it stands nowadays. What I would like to do in this second part is to delve a bit deeper into one of the active defence tactics mentioned earlier, namely, controlled attack paths and what this means in the context of cyber deception....

October 20, 2022 · 11 min · Diego Perez @darkquassar