Guide an adversary down a specific path or in a specific direction.
Channel is used to guide an adversary down a specific path or in a specific direction. A defender can channel an adversary away from important systems or network segments and towards decoy systems or hardened devices. A defender could also attempt to channel an adversary based on the content the defender provides. Channeling can be used to waste an adversary's time, make the adversary expend additional resources, or allow defenders to study the adversary's behaviors.
Technique | Description |
---|---|
DTE0001 - Admin Access | Modify a user's administrative privileges. |
DTE0003 - API Monitoring | Monitor local APIs that might be used by adversary tools and activity. |
DTE0004 - Application Diversity | Present the adversary with a variety of installed applications and services. |
DTE0010 - Decoy Account | Create an account that is used for active defense purposes. |
DTE0011 - Decoy Content | Seed content that can be used to lead an adversary in a specific direction, entice a behavior, etc. |
DTE0012 - Decoy Credentials | Create user credentials that are used for active defense purposes. |
DTE0013 - Decoy Diversity | Deploy a set of decoy systems with different OS and software configurations. |
DTE0014 - Decoy Network | Create a target network with a set of target systems, for the purpose of active defense. |
DTE0015 - Decoy Persona | Develop personal information (aka a backstory) about a user and plant data to support that backstory. |
DTE0016 - Decoy Process | Execute software on a target system for the purposes of the defender. |
DTE0017 - Decoy System | Configure a computing system to serve as an attack target or experimental environment. |
DTE0018 - Detonate Malware | Execute malware under controlled conditions to analyze its functionality. |
DTE0023 - Migrate Attack Vector | Move a malicious link, file, or device from its intended location to a decoy system or network for execution/use. |
DTE0025 - Network Diversity | Use a diverse set of devices on the network to help establish the legitimacy of a decoy network. |
DTE0026 - Network Manipulation | Make changes to network properties and functions to achieve a desired effect. |
DTE0029 - Peripheral Management | Manage peripheral devices used on systems within the network for active defense purposes. |
DTE0030 - Pocket Litter | Place data on a system to reinforce the legitimacy of the system or user. |
DTE0032 - Security Controls | Alter security controls to make the system more or less vulnerable to attack. |
DTE0036 - Software Manipulation | Make changes to a system's software properties and functions to achieve a desired effect. |