Determine the interests, capabilities, or behaviors of an adversary.
Test is used to determine an adversary's interests, capabilities, behaviors, motivations, etc. This may include providing systems to see if an adversary engages, or providing content to see if the adversary inspects or exfiltrates it. You can also test an adversary by making a task more difficult to perform and seeing whether they have the capabilities to accomplish it.
Technique | Description |
---|---|
DTE0001 - Admin Access | Modify a user's administrative privileges. |
DTE0003 - API Monitoring | Monitor local APIs that might be used by adversary tools and activity. |
DTE0004 - Application Diversity | Present the adversary with a variety of installed applications and services. |
DTE0005 - Backup and Recovery | Make copies of key system software, configuration, and data to enable rapid system restoration. |
DTE0010 - Decoy Account | Create an account that is used for active defense purposes. |
DTE0011 - Decoy Content | Seed content that can be used to lead an adversary in a specific direction, entice a behavior, etc. |
DTE0012 - Decoy Credentials | Create user credentials that are used for active defense purposes. |
DTE0013 - Decoy Diversity | Deploy a set of decoy systems with different OS and software configurations. |
DTE0014 - Decoy Network | Create a target network with a set of target systems, for the purpose of active defense. |
DTE0015 - Decoy Persona | Develop personal information (aka a backstory) about a user and plant data to support that backstory. |
DTE0017 - Decoy System | Configure a computing system to serve as an attack target or experimental environment. |
DTE0018 - Detonate Malware | Execute malware under controlled conditions to analyze its functionality. |
DTE0023 - Migrate Attack Vector | Move a malicious link, file, or device from its intended location to a decoy system or network for execution/use. |
DTE0025 - Network Diversity | Use a diverse set of devices on the network to help establish the legitimacy of a decoy network. |
DTE0026 - Network Manipulation | Make changes to network properties and functions to achieve a desired effect. |
DTE0029 - Peripheral Management | Manage peripheral devices used on systems within the network for active defense purposes. |
DTE0030 - Pocket Litter | Place data on a system to reinforce the legitimacy of the system or user. |
DTE0032 - Security Controls | Alter security controls to make the system more or less vulnerable to attack. |
DTE0036 - Software Manipulation | Make changes to a system's software properties and functions to achieve a desired effect. |