Sheepl - Creating Realistic User Behavior for Supporting Tradecraft Development Within Lab Environments



Introduction
There are lots of resources available online relating to how you can build AD network environments for the development of blue team and red team tradecraft. However, the current solutions tend to lack one important aspect in representing real-world network configurations. A network is not just a collection of static endpoints; it is a platform for communication between people.
Sheepl is a tool that aims to bridge the gap by emulating the behavior that people normally undertake within a network environment. Using Python3 and AutoIT3, the output can be compiled into a standalone executable without any other dependencies that, when executed on a Windows endpoint, executes a set of tasks randomly over a chosen time frame.
For red teamers this can serve to present those moments of opportunity to practice tradecraft. For blue teamers this supports focusing on detection of malicious activity indicators within a sequence of benign user tasks.

Tooling
Sheepl has two modes, commandline and interactive: commandline can be used as part of a wider scripting solution, and interactive allows you to build tasks in a question/response approach.

Example
python3 sheepl.py --name TBone --total_time=2h --wordfile "c:\\users\\matt\\Desktop\\matt.doc" --inputtext "content/if.txt" --cmd --cc "ipconfig /all" --cc "whoami" --cc "netstat -anto -p tcp"
python3 sheepl.py --interactive
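
For the blue team use described above, the commandline invocation itself documents the benign baseline. The following is an added example, not part of Sheepl or the original page: it reads the --cc commands and --total_time from that invocation and flags lab events the emulated profile does not explain. The event format, the start time, the unlisted command and the assumption that durations are written as hours or minutes are all constructed for illustration.

```python
import shlex
from datetime import datetime, timedelta

# Example invocation from the page; events and START below are constructed.
SHEEPL_CMD = (
    r'python3 sheepl.py --name TBone --total_time=2h '
    r'--wordfile "c:\\users\\matt\\Desktop\\matt.doc" '
    r'--inputtext "content/if.txt" --cmd '
    r'--cc "ipconfig /all" --cc "whoami" --cc "netstat -anto -p tcp"'
)

def parse_profile(cmdline):
    """Return (set of --cc commands, --total_time value) from the invocation."""
    args = shlex.split(cmdline)
    baseline, total = set(), None
    for i, arg in enumerate(args):
        if arg == "--cc" and i + 1 < len(args):
            baseline.add(args[i + 1].lower())
        elif arg.startswith("--total_time="):
            total = arg.split("=", 1)[1]
    return baseline, total

def parse_duration(text):
    """Assumption: '<int>h' or '<int>m'; the page only shows '2h'."""
    unit = {"h": "hours", "m": "minutes"}[text[-1]]
    return timedelta(**{unit: int(text[:-1])})

def triage(events, baseline, start, window):
    """Flag commands the emulated profile does not explain."""
    findings = []
    for ts, cmd in events:
        when = datetime.fromisoformat(ts)
        if not start <= when <= start + window:
            findings.append(("outside-run-window", ts, cmd))
        elif cmd.lower() not in baseline:
            findings.append(("not-in-baseline", ts, cmd))
    return findings

START = datetime(2024, 1, 1, 9, 0)  # constructed start time of the Sheepl run
EVENTS = [  # constructed, already normalised to (timestamp, command text)
    ("2024-01-01T09:12:41", "ipconfig /all"),
    ("2024-01-01T09:47:03", "whoami"),
    ("2024-01-01T10:05:19", "unlisted-tool.exe --placeholder"),
    ("2024-01-01T10:31:55", "netstat -anto -p tcp"),
    ("2024-01-01T11:30:00", "whoami"),
]

if __name__ == "__main__":
    baseline, total = parse_profile(SHEEPL_CMD)
    for finding in triage(EVENTS, baseline, START, parse_duration(total)):
        print(finding)
```

A baseline command seen after the run window has closed is reported as well, since the emulation can no longer account for it.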

AutoIT3
You can download the AutoIT3 runtime and the Aut2EXE compiler here: AutoIT3 Download
The following video is an overview of Sheepl 0.1 as the beta release.

YouTube Video


Acknowledgments