Sinon is a modular tool for automatic burn-in of Windows-based deception hosts that aims to reduce the difficulty of orchestrating deception hosts at scale whilst enabling diversity and randomness through generative capabilities.

It has been created as a proof-of-concept and is not intended for production deception environments.

It would likely be better suited to having content pre-generated and built into a one-time script, as we wouldn’t want to be storing secrets like OpenAI API keys on a decoy or deception host.

Features

  • Generative content including files, emails, and so on using OpenAI API (Configured for GPT-4o)
  • Randomness factor – select from list in config, or follow config completely
  • Temporal randomness – set delay to execution and delay between events including randomness factor

Sinon performs the following functions, as determined by a config file:

  • Install Applications: Automatically install applications from a predefined list using Chocolatey.
  • Browse Websites: Automatically open a list of websites to simulate user activity.
  • Change Preferences: Modify system preferences such as default browser, background images, screen resolutions, and system languages.
  • Add Start Menu Items: Add shortcuts to specified applications in the start menu.
  • Create and Modify Files: Generate and modify text files with the option to use OpenAI GPT-4 for content generation.
  • Send Emails: Send emails with the option to use OpenAI GPT-4 for content generation.
  • Download Decoy Files: Download files from specified URLs to simulate decoy file activity.
  • Manage Software: Install or uninstall software applications using predefined commands.
  • Perform System Updates: Execute system update commands.
  • Manage User Accounts: Create and manage user accounts with specified attributes.
  • Manage Network Settings: Configure Wi-Fi network connections using SSID and password.
  • Open Media Files: Open media files such as images, videos, and audio files.
  • Print Documents: Print specified text documents.
  • Create Scheduled Tasks: Schedule tasks to run specified commands at defined times.
  • Simulate User Interaction: Control the duration and delay of interactions with randomness.
  • Create Lures: Generate various types of lures to deceive intruders.
    • Credential pairs
    • SSH keys
    • Website URLs
    • Registry keys
    • CSV documents
    • API keys
    • LNK files (shortcuts)
  • Monitor File System: Watch specified paths for file system events such as modifications and log these events.
  • Redis Connectivity: Send generated lure data to Redis server for utilisation in additional deception steps and platforms.

Usage

  1. Clone the repository:
git clone https://github.com/yourusername/sinon.git
cd sinon
  1. Configure the application:
    • Modify the config.yaml file to suit your needs. See the Config Items section for details.
  2. Build the application:
go build -o sinon
# building for windows on linux: GOOS=windows GOARCH=amd64 go build -o sinon.exe

3. Deploy the application to your target machine:

  • This could be accomplished many ways, you may want to burn it in to an image, use SCCM/Intune etc.

For more information click here.

Published by Tamil S

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.

Leave a comment

Your email address will not be published. Required fields are marked *