Practical Cyber Deception — to “Chaotic Good”

URL: https://lnkd.in/dqndB724

Cyber deception is an evolving strategy in cybersecurity that involves misleading attackers to waste their time, reveal their tactics, or lead them into traps. This article explores the concept of “Chaotic Good” in cyber deception—using deceptive techniques to disrupt adversaries while maintaining ethical boundaries.

You Should Know: Practical Cyber Deception Techniques

1. Deploying Honeypots

Honeypots are decoy systems designed to attract attackers. Common tools include:
– Kippo (SSH Honeypot)

git clone https://github.com/desaster/kippo 
cd kippo 
./start.sh 

– T-Pot (Multi-Honeypot Platform)

git clone https://github.com/telekom-security/tpotce 
cd tpotce/iso/installer/ 
./install.sh --type=auto 

2. Fake Credentials & Breadcrumbs

Plant fake credentials in exposed locations to mislead attackers:

echo "admin:Password123!" > /var/www/html/.creds.txt 
chmod 644 /var/www/html/.creds.txt 

3. DNS Deception

Redirect malicious traffic using fake DNS entries:

# Add to /etc/hosts:
192.168.1.100 fakebank.com 
192.168.1.100 secure-login.example.com 

4. Canary Tokens for Detection

Use canary tokens to track unauthorized access:

  • Generate tokens at CanaryTokens.org
  • Place them in sensitive directories:
    wget https://canarytokens.org/static/random.exe -O /var/ftp/pub/confidential.exe 
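Breadcrumbs, a sinkholed hosts file and canary files only pay off when something watches for the decoys being touched. The script below is an added example, not code from the original post or from any tool it names: it plants a credential file whose username is unique and valid nowhere, generates sinkhole hosts lines for decoy names, and then scans constructed sshd and dnsmasq log lines for any use of those markers, reporting the source addresses. The svc-backup-<tag> naming scheme, the SINKHOLE_IP variable and the sample log lines are assumptions made here; the sinkhole address reuses the 192.168.1.100 from the hosts example above.

```shell
#!/bin/sh
# Added example (not from the original post): decoy tripwires for planted
# credentials, sinkholed hostnames and canary files.
# Assumptions made here: the svc-backup-<tag> naming scheme, the SINKHOLE_IP
# variable, and the log line formats (OpenSSH sshd and dnsmasq query logging).
# Every sample log line in this file is constructed, not a real capture.
set -u

SINKHOLE_IP="${SINKHOLE_IP:-192.168.1.100}"   # same sinkhole address as the hosts example

# Plant a credential file whose username is unique to this deployment and
# valid nowhere. Any authentication attempt with it is a high-fidelity alert.
# Prints the marker username so callers can search logs for it later.
plant_decoy_creds() {
    dir="$1"
    mkdir -p "$dir"
    tag=$(od -An -N4 -tx1 /dev/urandom | tr -d ' \n')      # 8 hex chars
    user="svc-backup-$tag"
    pass=$(od -An -N12 -tx1 /dev/urandom | tr -d ' \n')    # looks like a real secret
    printf '%s:%s\n' "$user" "$pass" > "$dir/.creds.txt"
    chmod 644 "$dir/.creds.txt"                            # world-readable bait, as in the post
    printf '%s\n' "$user"
}

# Emit /etc/hosts lines pointing decoy names at the sinkhole. Names containing
# anything other than letters, digits, dots and hyphens are rejected.
build_hosts_entries() {
    sink="$1"; shift
    for name in "$@"; do
        case "$name" in
            ""|*[!A-Za-z0-9.-]*) echo "rejected decoy name: '$name'" >&2; continue ;;
        esac
        printf '%s %s\n' "$sink" "$name"
    done
}

# Source IPs that tried to log in as the decoy user, from sshd lines of the form
# "Failed password for [invalid user] NAME from IP port N ssh2".
find_decoy_logins() {
    user="$1"; logfile="$2"
    grep -E "for (invalid user )?${user} from" "$logfile" \
        | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' | sort -u
}

# Source IPs that resolved any decoy hostname, from dnsmasq "query[A] NAME from IP".
# The trailing " from" keeps "fakebank.com.attacker.example" from matching "fakebank.com".
find_decoy_lookups() {
    logfile="$1"; shift
    for name in "$@"; do
        grep -F "query[A] $name from" "$logfile" || true
    done | sed -n 's/.* from \([0-9.]*\)$/\1/p' | sort -u
}

# Usage demo on constructed data.
demo() {
    work=$(mktemp -d)
    marker=$(plant_decoy_creds "$work")
    printf '%s\n' \
      "Mar  3 10:15:01 web sshd[200]: Failed password for invalid user $marker from 10.0.0.7 port 51234 ssh2" \
      "Mar  3 10:15:05 web sshd[201]: Accepted password for alice from 10.0.0.9 port 51235 ssh2" \
      > "$work/auth.log"
    printf '%s\n' \
      "Mar  3 10:16:00 dnsmasq[99]: query[A] fakebank.com from 10.0.0.7" \
      "Mar  3 10:16:01 dnsmasq[99]: query[A] example.org from 10.0.0.9" \
      > "$work/dns.log"
    echo "planted marker: $marker"
    build_hosts_entries "$SINKHOLE_IP" fakebank.com secure-login.example.com
    echo "decoy login attempts from: $(find_decoy_logins "$marker" "$work/auth.log")"
    echo "decoy DNS lookups from:    $(find_decoy_lookups "$work/dns.log" fakebank.com secure-login.example.com)"
    rm -rf "$work"
}
demo
```

The decoy username is the whole detection signature: because the account exists nowhere, a single match in auth.log or the resolver log is an alert, not a statistic to threshold. The planted file is never edited after deployment and the real logs are read, not rewritten, so they stay usable as evidence; that is the opposite of the sed-on-auth.log approach in section 5.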
    

5. Log Manipulation for Misdirection

Modify logs to confuse attackers:

sed -i 's/192.168.1.50/192.168.1.200/g' /var/log/auth.log 

What Undercode Says

Cyber deception is a powerful tool in modern defense strategies. By leveraging honeypots, fake data, and misdirection, defenders can gain the upper hand. Key Linux commands for deception include:
– `iptables` for traffic redirection:

iptables -t nat -A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 2222 

– `tcpdump` for monitoring attacker activity:

tcpdump -i eth0 port 22 -w /var/log/ssh_attacks.pcap 

– `fail2ban` to automate blocking:

fail2ban-client set sshd banip 192.168.1.100 
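The three commands above (redirect port 22 to the honeypot, capture the traffic, ban the source) are usually chained into one loop. The script below is an added example, not code from the post or from fail2ban: it aggregates failed logins recorded on the honeypot's SSH service per source address, applies a threshold, and prints one `fail2ban-client set sshd banip` command per offender, skipping an allowlist so your own scanners are never banned. The jail name sshd follows the post's command; the THRESHOLD and ALLOWLIST variables, the OpenSSH "Failed password for ... from IP port N" line format and the sample lines are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the original post): aggregate failed logins seen on
# the honeypot SSH port into fail2ban-client ban commands. Assumptions made
# here: OpenSSH's "Failed password for ... from IP port N" log format, the
# THRESHOLD and ALLOWLIST variables, and the constructed sample lines below.
# The jail name "sshd" follows the post's fail2ban-client command.
set -u

THRESHOLD="${THRESHOLD:-3}"          # failed attempts before a ban is proposed
ALLOWLIST="${ALLOWLIST:-}"           # space-separated IPs that must never be banned

# Print "<count> <ip>" for every source that produced failed SSH logins,
# most active first.
count_failed_logins() {
    logfile="$1"
    grep -E 'sshd\[[0-9]+\]: Failed password for' "$logfile" \
        | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
        | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Print one fail2ban-client command per IP at or above the threshold, skipping
# allowlisted addresses. Dry run: nothing is executed here; review the output
# and pipe it to sh as root to apply it.
ban_commands() {
    logfile="$1"; threshold="$2"; jail="$3"; allow="${4:-}"
    count_failed_logins "$logfile" \
        | awk -v t="$threshold" -v j="$jail" -v allow="$allow" '
            $1 >= t && index(" " allow " ", " " $2 " ") == 0 {
                printf "fail2ban-client set %s banip %s\n", j, $2
            }'
}

# Usage demo on constructed data (documentation address ranges, not real hosts).
demo() {
    sample=$(mktemp)
    printf '%s\n' \
      "Mar  3 10:15:01 hp sshd[300]: Failed password for root from 203.0.113.5 port 40000 ssh2" \
      "Mar  3 10:15:02 hp sshd[300]: Failed password for root from 203.0.113.5 port 40001 ssh2" \
      "Mar  3 10:15:03 hp sshd[300]: Failed password for admin from 203.0.113.5 port 40002 ssh2" \
      "Mar  3 10:15:04 hp sshd[301]: Failed password for invalid user test from 198.51.100.9 port 40003 ssh2" \
      "Mar  3 10:15:05 hp sshd[302]: Failed password for root from 10.0.0.1 port 40004 ssh2" \
      "Mar  3 10:15:06 hp sshd[302]: Failed password for root from 10.0.0.1 port 40005 ssh2" \
      "Mar  3 10:15:07 hp sshd[302]: Failed password for root from 10.0.0.1 port 40006 ssh2" \
      "Mar  3 10:15:08 hp sshd[303]: Accepted publickey for ops from 10.0.0.2 port 40007 ssh2" \
      > "$sample"
    echo "failed logins per source:"
    count_failed_logins "$sample"
    echo "proposed bans (threshold $THRESHOLD, allowlist: '$ALLOWLIST'):"
    ban_commands "$sample" "$THRESHOLD" sshd "$ALLOWLIST"
    rm -f "$sample"
}
demo
```

Run it with `ALLOWLIST="10.0.0.1" sh script.sh` to see the internal scanner dropped from the proposals while the external source still reaches the threshold. Keeping the output as a dry run matters on a honeypot: a bad regex or an empty allowlist would otherwise ban the vulnerability scanner or the monitoring host that polls the decoy.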

Windows equivalents include:

– `netsh` for port forwarding:

netsh interface portproxy add v4tov4 listenport=22 connectport=2222 

– `wevtutil` for log manipulation:

wevtutil qe Security /rd:true /f:text 

A strong deception strategy combines automation, monitoring, and psychological tactics to outsmart adversaries.

Expected Output:

A well-structured cyber deception setup includes:

  • Active honeypots logging attacker behavior.
  • Fake credentials leading to controlled environments.
  • Misdirected traffic through DNS and IP spoofing.
  • Automated alerts on canary token triggers.

For further reading, visit: https://koifsec.medium.com.

References:

Reported By: Daniel Koifman – Hackers Feeds