MITRE ATT&CK technique T1039
Tactic: Collection
Platform: Windows, Linux, Mac
- Create fake network shares, or create fake directories/files (i.e. honeyfiles) in real network shares, and monitor access to them using the OS file/folder auditing or FIM tools.
- Create decoy files or documents (beacons) that phone home when opened.
- honeyλ - Serverless application designed to create and monitor URL honeytokens (i.e. fake HTTP endpoints) automatically
- canarytokens