cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

XDR Deception

ErnestL187
Copper Contributor

‎Feb 14 2024 01:09 AM

‎Feb 14 2024 01:09 AM

XDR Deception

Hey, so I am currently testing everything that has to do with deception. I can successfully deploy the lures to all my targeted machines. However for testing purposes I want to act as the "hacker". I can find a deceptive host in one of the system files, but I cant seem to find the deceptive usernames. Does anyone know where these deceptive usernames are located on the system? I tried looking in lsass dump, but nothing found here. Thanks in advance!

724 Views
0 Likes
1 Reply
Reply
1 Reply
SorenHP

‎Mar 06 2024 04:07 AM

‎Mar 06 2024 04:07 AM

Re: XDR Deception

Replying in case you haven't already figured it out.

I only just began my own testing, so I've barely touched the surface, but one place where deceptive user and credentials could be placed is in the default user directory.
So, that would be C:\Users\Default\ - And within this dir a deceptive file with one or more deceptive usernames plus credentials would be.

If you press export when having selected the deception rule, you'll get a .csv with a few more details.

Hope this helps
0 Likes
Reply