Sinon is a modular tool for automatic burn-in of Windows-based deception hosts that aims to reduce the difficulty of orchestrating deception hosts at scale whilst enabling diversity and randomness through generative capabilities.
It has been created as a proof-of-concept and is not intended for production deception environments.
It would likely be better suited to having content pre-generated and built into a one-time script, as we wouldn’t want to be storing secrets like OpenAI API keys on a decoy or deception host.
Features
- Generative content including files, emails, and so on using OpenAI API (Configured for GPT-4o)
- Randomness factor – select from list in config, or follow config completely
- Temporal randomness – set delay to execution and delay between events including randomness factor
Sinon performs the following functions, as determined by a config file:
- Install Applications: Automatically install applications from a predefined list using Chocolatey.
- Browse Websites: Automatically open a list of websites to simulate user activity.
- Change Preferences: Modify system preferences such as default browser, background images, screen resolutions, and system languages.
- Add Start Menu Items: Add shortcuts to specified applications in the start menu.
- Create and Modify Files: Generate and modify text files with the option to use OpenAI GPT-4 for content generation.
- Send Emails: Send emails with the option to use OpenAI GPT-4 for content generation.
- Download Decoy Files: Download files from specified URLs to simulate decoy file activity.
- Manage Software: Install or uninstall software applications using predefined commands.
- Perform System Updates: Execute system update commands.
- Manage User Accounts: Create and manage user accounts with specified attributes.
- Manage Network Settings: Configure Wi-Fi network connections using SSID and password.
- Open Media Files: Open media files such as images, videos, and audio files.
- Print Documents: Print specified text documents.
- Create Scheduled Tasks: Schedule tasks to run specified commands at defined times.
- Simulate User Interaction: Control the duration and delay of interactions with randomness.
- Create Lures: Generate various types of lures to deceive intruders.
- Credential pairs
- SSH keys
- Website URLs
- Registry keys
- CSV documents
- API keys
- LNK files (shortcuts)
- Monitor File System: Watch specified paths for file system events such as modifications and log these events.
- Redis Connectivity: Send generated lure data to Redis server for utilisation in additional deception steps and platforms.
Usage
- Clone the repository:
git clone https://github.com/yourusername/sinon.git
cd sinon
- Configure the application:
- Modify the
config.yaml
file to suit your needs. See the Config Items section for details.
- Modify the
- Build the application:
go build -o sinon
# building for windows on linux: GOOS=windows GOARCH=amd64 go build -o sinon.exe
3. Deploy the application to your target machine:
- This could be accomplished many ways, you may want to burn it in to an image, use SCCM/Intune etc.
For more information click here.