Cyber security

Sinon – Modular Windows Burn-In Automation With Generative AI For Deception

Sinon is a modular tool for automatic burn-in of Windows-based deception hosts that aims to reduce the difficulty of orchestrating deception hosts at scale whilst enabling diversity and randomness through generative capabilities.

It has been created as a proof-of-concept and is not intended for production deception environments.

It would likely be better suited to having content pre-generated and built into a one-time script, as we wouldn’t want to be storing secrets like OpenAI API keys on a decoy or deception host.

Features

  • Generative content including files, emails, and so on using OpenAI API (Configured for GPT-4o)
  • Randomness factor – select from list in config, or follow config completely
  • Temporal randomness – set delay to execution and delay between events including randomness factor

Sinon performs the following functions, as determined by a config file:

  • Install Applications: Automatically install applications from a predefined list using Chocolatey.
  • Browse Websites: Automatically open a list of websites to simulate user activity.
  • Change Preferences: Modify system preferences such as default browser, background images, screen resolutions, and system languages.
  • Add Start Menu Items: Add shortcuts to specified applications in the start menu.
  • Create and Modify Files: Generate and modify text files with the option to use OpenAI GPT-4 for content generation.
  • Send Emails: Send emails with the option to use OpenAI GPT-4 for content generation.
  • Download Decoy Files: Download files from specified URLs to simulate decoy file activity.
  • Manage Software: Install or uninstall software applications using predefined commands.
  • Perform System Updates: Execute system update commands.
  • Manage User Accounts: Create and manage user accounts with specified attributes.
  • Manage Network Settings: Configure Wi-Fi network connections using SSID and password.
  • Open Media Files: Open media files such as images, videos, and audio files.
  • Print Documents: Print specified text documents.
  • Create Scheduled Tasks: Schedule tasks to run specified commands at defined times.
  • Simulate User Interaction: Control the duration and delay of interactions with randomness.
  • Create Lures: Generate various types of lures to deceive intruders.
    • Credential pairs
    • SSH keys
    • Website URLs
    • Registry keys
    • CSV documents
    • API keys
    • LNK files (shortcuts)
  • Monitor File System: Watch specified paths for file system events such as modifications and log these events.
  • Redis Connectivity: Send generated lure data to Redis server for utilisation in additional deception steps and platforms.

Usage

  1. Clone the repository:
git clone https://github.com/yourusername/sinon.git
cd sinon
  1. Configure the application:
    • Modify the config.yaml file to suit your needs. See the Config Items section for details.
  2. Build the application:
go build -o sinon
# building for windows on linux: GOOS=windows GOARCH=amd64 go build -o sinon.exe

3. Deploy the application to your target machine:

  • This could be accomplished many ways, you may want to burn it in to an image, use SCCM/Intune etc.

For more information click here.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

How to Install Docker on Ubuntu (Step-by-Step Guide)

Docker is a powerful open-source containerization platform that allows developers to build, test, and deploy…

5 days ago

Uninstall Docker on Ubuntu

Docker is one of the most widely used containerization platforms. But there may come a…

5 days ago

Admin Panel Dorks : A Complete List of Google Dorks

Introduction Google Dorking is a technique where advanced search operators are used to uncover information…

6 days ago

Log Analysis Fundamentals

Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…

1 week ago

Networking Devices 101: Understanding Routers, Switches, Hubs, and More

What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…

1 week ago

Sock Puppets in OSINT: How to Build and Use Research Accounts

Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…

1 week ago