Version: 1.1.x

Introduction

Deception

Deception has been and always will be a part of warfare. Large fake armies were created to deceive the enemy, spoofed communications led listeners to false conclusions, and sounds of non-existent tanks moving through the night caused bad decisions by the opponent's generals.

"Though fraud in other activities be detestable, in the management of war it is laudable and glorious, and he who overcomes an enemy by fraud is as much to be praised as he who does so by force." (Niccolo Machiavelli)

In cyberspace, attackers tend to have the advantage. Defenders are often limited to reacting to attacks, and they also have to follow laws and rules, while many attackers are not bound by such guardrails. The daily noise of normal activity can be so deafening that the silent signals of attackers are almost impossible to find.

However, attackers only see the data that our systems emit. This means that we can shape that data. We can shape what an attacker sees and influence what they think and conclude.

A carefully implemented deception operation can turn the tables on attackers and make you a significantly harder target. You can use it to paint a false picture of reality.

The WiFi security domain is so full of inherent issues that deception is a core concept that nzyme deploys to truly improve your security posture. Classic, signature-based WiFi intrusion detection systems are just too easy to circumvent.

"The ideal deception makes the victim certain but wrong." (Barton Whaley)

Effects of Deception

There are some effects of deception that should be considered for WiFi security.

  • Effect: Reveal
    • Attacker is tricked into revealing their presence.
    • Implemented in nzyme with traps PROBE_REQUEST_1, BEACON_1.
  • Effect: Distrust
    • Attacker loses trust in their attack platforms, tools and techniques.
    • Not yet implemented in nzyme.
  • Effect: Waste Time
    • Attacker wastes time with clients or networks that don't exist.
    • Implemented in nzyme with traps PROBE_REQUEST_1, BEACON_1.
  • Effect: Underestimate
    • Attacker thinks you are not sophisticated.
    • Not yet implemented in nzyme.

Nzyme Traps

Deploying deception techniques is very complicated. This is why nzyme offers pre-built deception strategies that are easy to configure. The specific strategies and their configuration are covered in this documentation.

Think of an nzyme trap like a WiFi honeypot.

In nzyme, a trap is a deception technique that aims to trick an attacker into revealing themselves. Each trap is configured to run on a specific WiFi interface (it likely has to send crafted frames) with specific configuration parameters like send intervals or channels to use. A trap also employs a specific strategy (for example PROBE_REQUEST_1) that controls what picture we want to paint for an attacker to see. Look at the traps documentation to get an overview of what is available.

Deception is limited only by your own creativity. Go ahead and read through the rest of the documentation in this category and start to deploy some techniques.