
Sinon – Modular Windows Burn-In Automation With Generative AI For Deception

Sinon is a modular tool for automatic burn-in of Windows-based deception hosts that aims to reduce the difficulty of orchestrating deception hosts at scale whilst enabling diversity and randomness through generative capabilities.

It has been created as a proof-of-concept and is not intended for production deception environments.

A better fit would likely be to pre-generate the content and build it into a one-time script, since we wouldn’t want to store secrets such as OpenAI API keys on a decoy or deception host.

Features

  • Generative content including files, emails, and so on using the OpenAI API (configured for GPT-4o)
  • Randomness factor – select from list in config, or follow config completely
  • Temporal randomness – set delay to execution and delay between events including randomness factor

Sinon performs the following functions, as determined by a config file:

  • Install Applications: Automatically install applications from a predefined list using Chocolatey.
  • Browse Websites: Automatically open a list of websites to simulate user activity.
  • Change Preferences: Modify system preferences such as default browser, background images, screen resolutions, and system languages.
  • Add Start Menu Items: Add shortcuts to specified applications in the start menu.
  • Create and Modify Files: Generate and modify text files with the option to use OpenAI GPT-4 for content generation.
  • Send Emails: Send emails with the option to use OpenAI GPT-4 for content generation.
  • Download Decoy Files: Download files from specified URLs to simulate decoy file activity.
  • Manage Software: Install or uninstall software applications using predefined commands.
  • Perform System Updates: Execute system update commands.
  • Manage User Accounts: Create and manage user accounts with specified attributes.
  • Manage Network Settings: Configure Wi-Fi network connections using SSID and password.
  • Open Media Files: Open media files such as images, videos, and audio files.
  • Print Documents: Print specified text documents.
  • Create Scheduled Tasks: Schedule tasks to run specified commands at defined times.
  • Simulate User Interaction: Control the duration and delay of interactions with randomness.
  • Create Lures: Generate various types of lures to deceive intruders.
    • Credential pairs
    • SSH keys
    • Website URLs
    • Registry keys
    • CSV documents
    • API keys
    • LNK files (shortcuts)
  • Monitor File System: Watch specified paths for file system events such as modifications and log these events.
  • Redis Connectivity: Send generated lure data to a Redis server for utilisation in additional deception steps and platforms.
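
The Create Lures and Redis Connectivity items above, as an added example (not code from Sinon or from the original page): a decoy API key is generated, registered in a central store, and log lines are then checked for its reuse. The in-memory LureStore standing in for the Redis server, the decoy_ key format, the host name and the log lines are assumptions constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"strings"
)

// Lure is one generated decoy value and the deception host it was planted on.
type Lure struct{ Kind, Value, Host string }

// LureStore stands in for the Redis server (assumption): lure value -> record.
type LureStore map[string]Lure

// NewAPIKeyLure registers a random decoy key; the "decoy_" format is constructed.
func (s LureStore) NewAPIKeyLure(host string) (Lure, error) {
	buf := make([]byte, 16)
	if _, err := rand.Read(buf); err != nil {
		return Lure{}, err
	}
	l := Lure{Kind: "api_key", Value: "decoy_" + hex.EncodeToString(buf), Host: host}
	s[l.Value] = l
	return l, nil
}

// Match returns every registered lure whose value appears in a log line.
func (s LureStore) Match(line string) []Lure {
	var hits []Lure
	for value, l := range s {
		if strings.Contains(line, value) {
			hits = append(hits, l)
		}
	}
	return hits
}

func main() {
	store := LureStore{}
	lure, err := store.NewAPIKeyLure("decoy-ws-01")
	if err != nil {
		panic(err)
	}
	logs := []string{"auth=prod_key_legit src=10.0.0.5", "auth=" + lure.Value + " src=203.0.113.9"} // constructed
	for _, line := range logs {
		for _, hit := range store.Match(line) {
			fmt.Printf("ALERT %s lure from %s seen in: %s\n", hit.Kind, hit.Host, line)
		}
	}
}
```

Because no legitimate user ever holds a lure value, any match is a high-signal alert, and the recorded host shows which decoy was accessed.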

Usage

  1. Clone the repository:
       git clone https://github.com/yourusername/sinon.git
       cd sinon
  2. Configure the application:
    • Modify the config.yaml file to suit your needs. See the Config Items section for details.
  3. Build the application:
       go build -o sinon
       # building for windows on linux: GOOS=windows GOARCH=amd64 go build -o sinon.exe
  4. Deploy the application to your target machine:
    • This could be accomplished in many ways; you may want to burn it into an image, use SCCM/Intune, etc.


Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.
