d3fend-deceive
D3FEND — Deceive
When to Use
- Deploying honeynets (connected, integrated, standalone)
- Planting decoy objects (files, network resources, personas)
- Distributing decoy credentials and session tokens
- Publishing decoy information (fake releases, personas)
- Designing deception programs and adversary engagement
- Monitoring deception environment for adversary interaction
When NOT to Use
- Building detection rules or SIEM content → `d3fend-detect`
- System hardening or secure config → `d3fend-harden`
- Network segmentation → `d3fend-isolate`
- Active defense / threat intel → `cybersecurity`
- Adversarial testing (red team) → `ai-redteam` / `offensive-security-analyst`
Core Workflows
1. Decoy Environments (Honeynets)
| Type | Deployment | Use Case |
|---|---|---|
| Standalone | Isolated network segment | Research, early warning |
| Integrated | Blended with production | Insider threat, lateral movement |
| Connected | Linked to real systems | APT detection, TTP collection |
See `references/honeynets.md`
2. Decoy Objects
- Decoy files: Fake documents with tracking (canary tokens)
- Decoy network resources: Fake shares, databases, services
- Decoy personas: Fake user accounts with believable data
- Decoy public releases: Fake credentials on dark web/pastebin
- Decoy session tokens: Bait cookies/API keys with monitoring
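One way to monitor decoy session tokens and API keys from the list above, as an added example that is not part of the original skill: each bait key carries an HMAC tag, so any key seen in a log can be recognised as a decoy and traced to where it was planted. The key prefix, log format, placement path and secret are constructed assumptions.

```python
import hashlib
import hmac
import re
import secrets

# Assumption: a secret held only by the deception team; constructed value.
DECOY_KEY = b"constructed-demo-key-not-for-production"
PREFIX = "ak_live_"  # hypothetical prefix that mimics a production key format
TOKEN_RE = re.compile(re.escape(PREFIX) + r"([0-9a-f]{12})([0-9a-f]{20})")


def _tag(token_id: str) -> str:
    """Keyed tag that marks a token as a decoy without a lookup table."""
    return hmac.new(DECOY_KEY, token_id.encode(), hashlib.sha256).hexdigest()[:20]


def mint_decoy(placements: dict, where: str) -> str:
    """Create a bait API key and record where it was planted."""
    token_id = secrets.token_hex(6)
    placements[token_id] = where
    return f"{PREFIX}{token_id}{_tag(token_id)}"


def scan(lines, placements):
    """Return one alert per log line that presents a valid decoy token."""
    alerts = []
    for line in lines:
        for token_id, tag in TOKEN_RE.findall(line):
            if hmac.compare_digest(tag, _tag(token_id)):
                src = re.search(r"src=(\S+)", line)
                alerts.append({"token_id": token_id,
                               "planted_at": placements.get(token_id, "unknown"),
                               "source": src.group(1) if src else None})
    return alerts


def demo():
    placements = {}
    bait = mint_decoy(placements, "fileshare:/finance/backup.env")
    lookalike = PREFIX + "0" * 32  # same shape, but the tag does not verify
    log = [  # constructed log lines
        f"2024-01-01T10:00:00Z api auth=fail key={lookalike} src=10.0.0.5",
        f"2024-01-01T10:02:11Z api auth=fail key={bait} src=203.0.113.7",
    ]
    return scan(log, placements)


if __name__ == "__main__":
    print(demo())
```

The `planted_at` field is what makes the alert actionable: it names the location the key was read from, which is where triage should start.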
See `references/decoy_objects.md`
3. Deception Program Design
- Define objectives (detection, delay, intelligence)
- Select deception layers (environment, object, persona)
- Ensure believability and consistency
- Monitor and collect adversary TTPs
- Analyze and feed into threat intelligence
See `references/deception_program.md`
When to load references
- Honeynets → `references/honeynets.md`
- Decoy objects → `references/decoy_objects.md`
- Deception program → `references/deception_program.md`