├── Deception_stories
    ├── DS0001.md
    └── Deception_techniques.md
├── LICENSE
├── Linux-matrix.md
├── Mac-matrix.md
├── README.md
├── Techniques
    ├── Collection
    │   ├── Automated_collection.md
    │   ├── Data_from_local_system.md
    │   ├── Data_from_network_shared_drive.md
    │   ├── Data_from_removable_media.md
    │   ├── Email_collection.md
    │   └── Input_capture.md
    ├── Command_and_control
    │   ├── Commonly_used_port.md
    │   └── Remote_file_copy.md
    ├── Credential_access
    │   ├── Bash_history.md
    │   ├── Brute_force.md
    │   ├── Credential_dumping.md
    │   ├── Credentials_in_files.md
    │   ├── Exploitation_of_vulnerability.md
    │   ├── Input_capture.md
    │   ├── Keychain.md
    │   ├── Network_sniffing.md
    │   └── Private_keys.md
    ├── Defense_evasion
    │   └── Exploitation_of_vulnerability.md
    ├── Discovery
    │   ├── Account_discovery.md
    │   ├── File_and_directory_discovery.md
    │   ├── Network_service_scanning.md
    │   ├── Network_share_discovery.md
    │   ├── Peripheral_device_discovery.md
    │   ├── Query_registry.md
    │   ├── Remote_system_discovery.md
    │   ├── System_network_configuration_discovery.md
    │   └── System_network_connections_discovery.md
    ├── Lateral_movement
    │   ├── Exploitation_of_vulnerability.md
    │   ├── Pass_the_hash.md
    │   ├── Pass_the_ticket.md
    │   ├── Remote_desktop_protocol.md
    │   ├── Remote_file_copy.md
    │   ├── Remote_services.md
    │   ├── Replication_through_removable_media.md
    │   └── Taint_shared_content.md
    └── Privilege_escalation
    │   └── Exploitation_of_vulnerability.md
├── Useful_resources.md
├── Windows-matrix.md
└── images
    ├── DaD_matrix.png
    └── deception_story.png

/Deception_stories/DS0001.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Deception_stories/DS0001.md
--------------------------------------------------------------------------------

/Deception_stories/Deception_techniques.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Deception_stories/Deception_techniques.md
--------------------------------------------------------------------------------

/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/LICENSE
--------------------------------------------------------------------------------

/Linux-matrix.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Linux-matrix.md
--------------------------------------------------------------------------------

/Mac-matrix.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Mac-matrix.md
--------------------------------------------------------------------------------

/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/README.md
--------------------------------------------------------------------------------

/Techniques/Collection/Automated_collection.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Collection/Automated_collection.md
--------------------------------------------------------------------------------

/Techniques/Collection/Data_from_local_system.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Collection/Data_from_local_system.md
--------------------------------------------------------------------------------

/Techniques/Collection/Data_from_network_shared_drive.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Collection/Data_from_network_shared_drive.md
--------------------------------------------------------------------------------

/Techniques/Collection/Data_from_removable_media.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Collection/Data_from_removable_media.md
--------------------------------------------------------------------------------

/Techniques/Collection/Email_collection.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Collection/Email_collection.md
--------------------------------------------------------------------------------

/Techniques/Collection/Input_capture.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Collection/Input_capture.md
--------------------------------------------------------------------------------

/Techniques/Command_and_control/Commonly_used_port.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Command_and_control/Commonly_used_port.md
--------------------------------------------------------------------------------

/Techniques/Command_and_control/Remote_file_copy.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Command_and_control/Remote_file_copy.md
--------------------------------------------------------------------------------

/Techniques/Credential_access/Bash_history.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Credential_access/Bash_history.md
--------------------------------------------------------------------------------

/Techniques/Credential_access/Brute_force.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Credential_access/Brute_force.md
--------------------------------------------------------------------------------

/Techniques/Credential_access/Credential_dumping.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Credential_access/Credential_dumping.md
--------------------------------------------------------------------------------

/Techniques/Credential_access/Credentials_in_files.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Credential_access/Credentials_in_files.md
--------------------------------------------------------------------------------

/Techniques/Credential_access/Exploitation_of_vulnerability.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Credential_access/Exploitation_of_vulnerability.md
--------------------------------------------------------------------------------

/Techniques/Credential_access/Input_capture.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Credential_access/Input_capture.md
--------------------------------------------------------------------------------

/Techniques/Credential_access/Keychain.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Credential_access/Keychain.md
--------------------------------------------------------------------------------

/Techniques/Credential_access/Network_sniffing.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Credential_access/Network_sniffing.md
--------------------------------------------------------------------------------

/Techniques/Credential_access/Private_keys.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Credential_access/Private_keys.md
--------------------------------------------------------------------------------

/Techniques/Defense_evasion/Exploitation_of_vulnerability.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Defense_evasion/Exploitation_of_vulnerability.md
--------------------------------------------------------------------------------

/Techniques/Discovery/Account_discovery.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Discovery/Account_discovery.md
--------------------------------------------------------------------------------

/Techniques/Discovery/File_and_directory_discovery.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Discovery/File_and_directory_discovery.md
--------------------------------------------------------------------------------

/Techniques/Discovery/Network_service_scanning.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Discovery/Network_service_scanning.md
--------------------------------------------------------------------------------

/Techniques/Discovery/Network_share_discovery.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Discovery/Network_share_discovery.md
--------------------------------------------------------------------------------

/Techniques/Discovery/Peripheral_device_discovery.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Discovery/Peripheral_device_discovery.md
--------------------------------------------------------------------------------

/Techniques/Discovery/Query_registry.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Discovery/Query_registry.md
--------------------------------------------------------------------------------

/Techniques/Discovery/Remote_system_discovery.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Discovery/Remote_system_discovery.md
--------------------------------------------------------------------------------

/Techniques/Discovery/System_network_configuration_discovery.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Discovery/System_network_configuration_discovery.md
--------------------------------------------------------------------------------

/Techniques/Discovery/System_network_connections_discovery.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Discovery/System_network_connections_discovery.md
--------------------------------------------------------------------------------

/Techniques/Lateral_movement/Exploitation_of_vulnerability.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Lateral_movement/Exploitation_of_vulnerability.md
--------------------------------------------------------------------------------

/Techniques/Lateral_movement/Pass_the_hash.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Lateral_movement/Pass_the_hash.md
--------------------------------------------------------------------------------

/Techniques/Lateral_movement/Pass_the_ticket.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Lateral_movement/Pass_the_ticket.md
--------------------------------------------------------------------------------

/Techniques/Lateral_movement/Remote_desktop_protocol.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Lateral_movement/Remote_desktop_protocol.md
--------------------------------------------------------------------------------

/Techniques/Lateral_movement/Remote_file_copy.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Lateral_movement/Remote_file_copy.md
--------------------------------------------------------------------------------

/Techniques/Lateral_movement/Remote_services.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Lateral_movement/Remote_services.md
--------------------------------------------------------------------------------

/Techniques/Lateral_movement/Replication_through_removable_media.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Lateral_movement/Replication_through_removable_media.md
--------------------------------------------------------------------------------

/Techniques/Lateral_movement/Taint_shared_content.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Lateral_movement/Taint_shared_content.md
--------------------------------------------------------------------------------

/Techniques/Privilege_escalation/Exploitation_of_vulnerability.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Techniques/Privilege_escalation/Exploitation_of_vulnerability.md
--------------------------------------------------------------------------------

/Useful_resources.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Useful_resources.md
--------------------------------------------------------------------------------

/Windows-matrix.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/Windows-matrix.md
--------------------------------------------------------------------------------

/images/DaD_matrix.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/images/DaD_matrix.png
--------------------------------------------------------------------------------

/images/deception_story.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/0x4D31/deception-as-detection/HEAD/images/deception_story.png
--------------------------------------------------------------------------------