Exercise a target system in a manner where it will generate desirable system artifacts.
Burn-in means exercising the system to create desirable system artifacts through activity such as web browsing, filesystem usage, and running user applications like office suites. The burn-in process can be specific to a user or system, depending on your needs.
|There is an opportunity to prepare user accounts so they look used and authentic.
|There is an opportunity to seed systems with decoy cookies that will lead adversaries to decoy targets.
|In an adversary engagement scenario, there is an opportunity to prepare a user's browser data (sessions, cookies, etc.) so it looks authentic and fully populated.
|A defender can prepare a Decoy System by logging in to the Decoy Account and using it in ways consistent with the deception story, creating artifacts in the system that make it look legitimate.
|A defender can authenticate to a collection of decoy sites (as a decoy user) to give the adversary a set of session cookies to harvest and potentially use during adversary engagement.
|A defender can perform web browsing tasks on a decoy system over time to give the adversary a robust set of browser data that looks realistic and could potentially be used during adversary engagement.
|Configure a decoy system and allow it to be used in a manner such that it collects activity logs and appears to be a legitimate system.
|Configure a system to generate internet browser traffic for a decoy user profile, creating artifacts such as cookies, history, temp files, etc.
|Defense Evasion, Persistence, Privilege Escalation, Initial Access
|Man in the Browser
|Steal Web Session Cookie
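
For the browser burn-in procedure above (history, cookies and other artifacts for a decoy user profile), a defender can check whether the profile looks populated before the decoy goes live. The following is an added example, not part of the original page: it assumes a Firefox-style profile (tables `moz_places`, `moz_historyvisits`, `moz_cookies`), and the function names, thresholds and decoy host names are hypothetical.

```python
import sqlite3
from urllib.parse import urlsplit

DAY_US = 86_400 * 1_000_000  # visit_date is microseconds since the Unix epoch

def audit_profile(places, cookies, decoy_hosts, min_days=14, min_hosts=5):
    """Return (metrics, gaps) for a decoy profile's history and cookie stores."""
    rows = places.execute(
        "SELECT p.url, v.visit_date FROM moz_historyvisits v "
        "JOIN moz_places p ON p.id = v.place_id").fetchall()
    hosts = {urlsplit(url).hostname for url, _ in rows} - {None}
    active_days = {ts // DAY_US for _, ts in rows}
    # Domain cookies are stored with a leading dot; normalise before comparing.
    cookie_hosts = {h.lstrip(".") for (h,) in
                    cookies.execute("SELECT DISTINCT host FROM moz_cookies")}
    metrics = {"visits": len(rows), "hosts": len(hosts),
               "active_days": len(active_days)}
    gaps = []
    if len(active_days) < min_days:
        gaps.append(f"history spans {len(active_days)} active days, want {min_days}")
    if len(hosts) < min_hosts:
        gaps.append(f"history touches {len(hosts)} hosts, want {min_hosts}")
    for host in sorted(decoy_hosts):
        if host not in hosts:
            gaps.append(f"no history for decoy site {host}")
        if host not in cookie_hosts:
            gaps.append(f"no cookie for decoy site {host}")
    return metrics, gaps

def constructed_profile(days, sites, cookie_sites):
    """Constructed in-memory stand-ins holding only the columns the audit reads."""
    places = sqlite3.connect(":memory:")
    places.executescript(
        "CREATE TABLE moz_places(id INTEGER PRIMARY KEY, url TEXT);"
        "CREATE TABLE moz_historyvisits(place_id INTEGER, visit_date INTEGER);")
    for i, site in enumerate(sites, 1):
        places.execute("INSERT INTO moz_places VALUES (?, ?)", (i, f"https://{site}/"))
        places.executemany("INSERT INTO moz_historyvisits VALUES (?, ?)",
                           [(i, (19_700 + d) * DAY_US + i) for d in range(days)])
    cookies = sqlite3.connect(":memory:")
    cookies.execute("CREATE TABLE moz_cookies(host TEXT, name TEXT)")
    cookies.executemany("INSERT INTO moz_cookies VALUES (?, 'session')",
                        [(s,) for s in cookie_sites])
    return places, cookies

if __name__ == "__main__":
    decoys = {"intranet.decoy.example", "mail.decoy.example"}
    thin = constructed_profile(2, ["intranet.decoy.example"], [])
    print(audit_profile(*thin, decoys))
```

Against a real decoy profile, open copies of `places.sqlite` and `cookies.sqlite` with `sqlite3.connect` and pass the two connections in place of the constructed ones.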