We welcome your feedback about MITRE Engage™ v0.9 Beta: Email us at engage@mitre.org


Exercise a target system in a manner where it will generate desirable system artifacts.

Burn-In involves exercising the system to create desirable system artifacts such as web browsing history, file system usage, or the running of user applications. At times, Burn-In can be accomplished by simply letting a system or application run for an extended period of time. Other times, the defender engages with the environment to produce the Burn-In artifacts, such as when the defender logs into a decoy account or accesses a decoy website to generate session cookies and browser history. These tasks can be accomplished manually or via automated tooling.

Burn-In should occur pre-operation and continue as appropriate during the operation. The artifacts generated during the Burn-In process can reassure the adversary of the environment's legitimacy by creating an environment that more closely resembles a real, lived in, system or network.

ID: EAC0008
Type:  Engagement 
Goals:  Elicit
Approaches:  Reassurance
Whenever an adversary interacts with the environment, their actions reveal vulnerabilities. Defenders can utilize engagement activities to take advantage of such weaknesses.

The following table lists the adversary tactics on the left and the revealed vulnerability on the right that can be exploited by the defender using Burn-In.

ATT&CK® Tactics Adversary Vulnerability Presented
Collection Discovery Initial Access Reconnaissance When adversaries interact with the environment or personas, they are vulnerable to collecting, or in some way interacting with, manipulated or decoy data. In those cases the data may increase their tolerance for imperfections in the environment and improve the overall believability of the ruse.
Collection When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to revealing their targeting preferences and capabilities.