A "tarpit" is a service that intentionally responds slowly to incoming connections. This can exhaust the attacker's resources and time, making a simple vulnerability scan take days instead of minutes.
The Legal and Ethical Boundary: Readers are cautioned to seek legal counsel and obtain organizational authorization before deploying these techniques, as "hacking back" can lead to significant civil and criminal liability, especially if third-party systems are affected.
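A minimal tarpit of the kind described earlier on this page, written here as an added example (it is not code from this page or from the book it discusses). It assumes an SSH-style listener on port 2222 that drips junk pre-banner lines to each client; `junk_line`, `hold_client` and `serve` are hypothetical names, and the port, delay and client cap are illustrative values.

```python
import asyncio
import random

def junk_line(rng):
    # Lowercase hex can never begin with "SSH-", so an SSH client keeps waiting
    # for the real version string (RFC 4253 section 4.2 permits such lines).
    return b"%08x\r\n" % rng.getrandbits(32)

async def hold_client(writer, delay=10.0, max_hold=3600.0, rng=None, sleep=asyncio.sleep):
    """Drip one junk line every `delay` seconds until the peer hangs up or
    `max_hold` seconds of delay have accumulated.
    Returns (lines_sent, seconds_held)."""
    rng = rng or random.Random()
    sent, held = 0, 0.0
    try:
        while held < max_hold:
            await sleep(delay)
            held += delay
            writer.write(junk_line(rng))
            await writer.drain()          # raises once the peer has gone away
            sent += 1
    except ConnectionError:
        pass                              # the scanner gave up
    finally:
        writer.close()
    return sent, held

async def serve(host="127.0.0.1", port=2222, max_clients=256, delay=10.0):
    slots = asyncio.Semaphore(max_clients)  # cap the defender's own resource use
    async def on_connect(reader, writer):
        if slots.locked():                  # full: drop rather than queue
            writer.close()
            return
        async with slots:
            peer = writer.get_extra_info("peername")
            sent, held = await hold_client(writer, delay)
            print(f"{peer} held {held:.0f}s, {sent} lines")  # feeds detection logs
    server = await asyncio.start_server(on_connect, host, port)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(serve())
```

The per-connection cost to the defender is one idle coroutine and a few bytes every `delay` seconds, which is why the client cap matters more than the delay when sizing it.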
Defensive countermeasures aim to gather Threat Intelligence. This is "offensive" in the sense of spying on the spy.
This is controversial. Some advanced SOCs embed a JavaScript beacon in a decoy HR document. When an attacker opens the document on their command & control (C2) server, the beacon pings back the attacker’s internal IP, hostname, and browser fingerprint.
The authors compare active defense to Aikido, which focuses on redirecting an opponent's energy and blocking attacks rather than initiating them.
Legal Footing