Qualys, Inc.
Domain specific language for threat-actor deception

Abstract:

The present disclosure describes enticing a threat-actor to execute an attack execution operation. According to one aspect of the subject matter described in this disclosure, a method for generating a domain-specific language (DSL) file is disclosed. The method may comprise determining, a framework based on an attack repository, determining a first primitive based on the framework, and determining a second primitive based on the framework. In one implementation, the first primitive and the second primitive are fundamental structures or constructs within a DSL. The method further comprises combining the first primitive and the second primitive into a DSL file. In one implementation, the DSL file is executed to create a computing environment that entices a first attacker to execute an attack execution operation within a given domain.