Exercise a target system in a manner where it will generate desirable system artifacts.
Exercising the system to create desirable system artifacts including web browsing, filesystem usage, running user applications like office suites, etc. The burn-in process can be specific to a user or system, depending on your needs.
|DOS0006||There is an opportunity to prepare user accounts so they look used and authentic.|
|DOS0093||There is an opportunity to seed systems with decoy cookies that will lead adversaries to decoy targets.|
|DOS0112||In an adversary engagement scenario, there is an opportunity to prepare a user's browser data (sessions, cookies, etc.) so it looks authentic and fully populated.|
|DUC0006||A defender can prepare a Decoy System by logging in to the Decoy Account and using it in ways consistent with the deception story, creating artifacts in the system that make it look legitimate.|
|DUC0093||A defender can authenticate to a collection of decoy sites (as a decoy user) to give the adversary a set of session cookies to harvest and potentially use during adversary engagement.|
|DUC0112||A defender can perform web browsing tasks on a decoy system over time to give the adversary a robust set of browser data that looks realistic and could potentially be used during adversary engagement.|
|DPR0016||Configure a decoy system and allow it to be used in an manner such that it collects activity logs and appears to be to be a legitimate system.|
|DPR0017||Configure a system to generate internet browser traffic for a decoy user profile, creating artifacts such as cookies, history, temp files, etc.|
|T1078||Valid Accounts||Defense Evasion, Persistence, Privilege Escalation, Initial Access|
|T1185||Man in the Browser||Collection|
|T1539||Steal Web Session Cookie||Credential Access|