This chapter is about actively tampering with the opponent's tools and sensors, and actively deceiving your opponents.
This chapter covers several topics such as:
- Deleting logs
- Backdooring frameworks
- Rootkits
- Data integrity
- Detecting rootkits
- Manipulating the home field advantage
- Deceiving attackers on the network
- Tricking attackers into executing your code
The following are some of the code samples included in this chapter:
- iptables_tricks.md
  - Several iptables tricks to manipulate network traffic and deceive an attacker
- wrap_log.go
  - A universal utility to replace system binaries and intercept or log their usage
The following are some of the images in this chapter:
- This image shows how an attacker could delete local logs and affect an incident response investigation
- This image shows how a defender can use remote logging and detect when a logging pipeline goes down
- This last image shows what it could look like if an attacker used a rootkit