d803bfe2b1
git-subtree-dir: vendor/ruvector git-subtree-split: b64c21726f2bb37286d9ee36a7869fef60cc6900
524 lines
23 KiB
JavaScript
524 lines
23 KiB
JavaScript
"use strict";
|
|
/**
|
|
* Threat Simulation Data Examples
|
|
*
|
|
* ⚠️ ETHICAL USE ONLY ⚠️
|
|
* These simulations are for:
|
|
* - Security operations center (SOC) training
|
|
* - Incident response preparation
|
|
* - Threat detection system validation
|
|
* - Red team exercises in authorized environments
|
|
*
|
|
* NEVER use for actual attacks or unauthorized testing.
|
|
*/
|
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
exports.generateBruteForcePatterns = generateBruteForcePatterns;
|
|
exports.generateDDoSSimulation = generateDDoSSimulation;
|
|
exports.generateMalwareBehaviors = generateMalwareBehaviors;
|
|
exports.generatePhishingCampaigns = generatePhishingCampaigns;
|
|
exports.generateInsiderThreatScenarios = generateInsiderThreatScenarios;
|
|
exports.generateZeroDayIndicators = generateZeroDayIndicators;
|
|
exports.runThreatSimulations = runThreatSimulations;
|
|
const agentic_synth_1 = require("agentic-synth");
|
|
/**
|
|
* Brute Force Attack Pattern Simulation
|
|
* For testing account lockout and rate limiting mechanisms
|
|
*/
|
|
async function generateBruteForcePatterns() {
|
|
const synth = new agentic_synth_1.AgenticSynth({
|
|
temperature: 0.7,
|
|
maxRetries: 3
|
|
});
|
|
const bruteForcePrompt = `
|
|
Generate brute force attack pattern simulations for defensive security testing.
|
|
Include password spray, credential stuffing, dictionary attacks.
|
|
Each pattern should have: attack_type, target, timing, credentials_tested, detection_indicators.
|
|
Generate 10 realistic brute force attack patterns.
|
|
`;
|
|
const patterns = await synth.generate({
|
|
prompt: bruteForcePrompt,
|
|
schema: {
|
|
type: 'object',
|
|
properties: {
|
|
patterns: {
|
|
type: 'array',
|
|
items: {
|
|
type: 'object',
|
|
properties: {
|
|
id: { type: 'string' },
|
|
attack_type: {
|
|
type: 'string',
|
|
enum: [
|
|
'password_spray',
|
|
'credential_stuffing',
|
|
'dictionary_attack',
|
|
'hybrid_attack',
|
|
'rainbow_table',
|
|
'reverse_brute_force'
|
|
]
|
|
},
|
|
target_service: { type: 'string' },
|
|
target_endpoints: { type: 'array', items: { type: 'string' } },
|
|
timing_pattern: {
|
|
type: 'object',
|
|
properties: {
|
|
attempts_per_minute: { type: 'number' },
|
|
delay_between_attempts: { type: 'number' },
|
|
total_duration_minutes: { type: 'number' },
|
|
distributed_sources: { type: 'boolean' }
|
|
}
|
|
},
|
|
credentials_tested: { type: 'number' },
|
|
usernames_targeted: { type: 'number' },
|
|
source_ips: { type: 'array', items: { type: 'string' } },
|
|
user_agents: { type: 'array', items: { type: 'string' } },
|
|
detection_indicators: {
|
|
type: 'array',
|
|
items: { type: 'string' }
|
|
},
|
|
expected_defenses: {
|
|
type: 'array',
|
|
items: { type: 'string' }
|
|
},
|
|
severity: { type: 'string' }
|
|
},
|
|
required: ['id', 'attack_type', 'target_service', 'timing_pattern']
|
|
}
|
|
}
|
|
},
|
|
required: ['patterns']
|
|
}
|
|
});
|
|
return patterns;
|
|
}
|
|
/**
|
|
* DDoS Traffic Simulation Data
|
|
* For testing DDoS mitigation and traffic filtering
|
|
*/
|
|
async function generateDDoSSimulation() {
|
|
const synth = new agentic_synth_1.AgenticSynth({
|
|
temperature: 0.8,
|
|
maxRetries: 3
|
|
});
|
|
const ddosPrompt = `
|
|
Generate DDoS attack simulation data for defensive testing.
|
|
Include volumetric, protocol, and application layer attacks.
|
|
Each simulation should have: attack_vector, traffic_pattern, volume, mitigation_strategy.
|
|
Generate 8 different DDoS attack simulations.
|
|
`;
|
|
const simulations = await synth.generate({
|
|
prompt: ddosPrompt,
|
|
schema: {
|
|
type: 'object',
|
|
properties: {
|
|
simulations: {
|
|
type: 'array',
|
|
items: {
|
|
type: 'object',
|
|
properties: {
|
|
id: { type: 'string' },
|
|
attack_vector: {
|
|
type: 'string',
|
|
enum: [
|
|
'syn_flood',
|
|
'udp_flood',
|
|
'http_flood',
|
|
'slowloris',
|
|
'dns_amplification',
|
|
'ntp_amplification',
|
|
'ssdp_amplification',
|
|
'memcached_amplification'
|
|
]
|
|
},
|
|
layer: {
|
|
type: 'string',
|
|
enum: ['layer3', 'layer4', 'layer7']
|
|
},
|
|
traffic_pattern: {
|
|
type: 'object',
|
|
properties: {
|
|
packets_per_second: { type: 'number' },
|
|
requests_per_second: { type: 'number' },
|
|
bandwidth_mbps: { type: 'number' },
|
|
source_ips: { type: 'number' },
|
|
botnet_size: { type: 'number' }
|
|
}
|
|
},
|
|
target_resources: { type: 'array', items: { type: 'string' } },
|
|
duration_minutes: { type: 'number' },
|
|
amplification_factor: { type: 'number' },
|
|
detection_signatures: { type: 'array', items: { type: 'string' } },
|
|
mitigation_strategies: { type: 'array', items: { type: 'string' } },
|
|
impact_severity: { type: 'string' }
|
|
},
|
|
required: ['id', 'attack_vector', 'layer', 'traffic_pattern']
|
|
}
|
|
}
|
|
},
|
|
required: ['simulations']
|
|
}
|
|
});
|
|
return simulations;
|
|
}
|
|
/**
|
|
* Malware Behavior Pattern Simulation
|
|
* For testing endpoint detection and response (EDR) systems
|
|
*/
|
|
async function generateMalwareBehaviors() {
|
|
const synth = new agentic_synth_1.AgenticSynth({
|
|
temperature: 0.7,
|
|
maxRetries: 3
|
|
});
|
|
const malwarePrompt = `
|
|
Generate malware behavior patterns for EDR/XDR testing.
|
|
Include ransomware, trojans, rootkits, and APT behaviors.
|
|
Each behavior should have: malware_type, activities, indicators_of_compromise, detection_methods.
|
|
Generate 12 distinct malware behavior patterns.
|
|
`;
|
|
const behaviors = await synth.generate({
|
|
prompt: malwarePrompt,
|
|
schema: {
|
|
type: 'object',
|
|
properties: {
|
|
behaviors: {
|
|
type: 'array',
|
|
items: {
|
|
type: 'object',
|
|
properties: {
|
|
id: { type: 'string' },
|
|
malware_type: {
|
|
type: 'string',
|
|
enum: [
|
|
'ransomware',
|
|
'trojan',
|
|
'rootkit',
|
|
'keylogger',
|
|
'backdoor',
|
|
'worm',
|
|
'apt_toolkit',
|
|
'cryptominer'
|
|
]
|
|
},
|
|
malware_family: { type: 'string' },
|
|
infection_vector: { type: 'string' },
|
|
activities: {
|
|
type: 'array',
|
|
items: {
|
|
type: 'object',
|
|
properties: {
|
|
action: { type: 'string' },
|
|
timestamp_offset: { type: 'number' },
|
|
process: { type: 'string' },
|
|
command_line: { type: 'string' },
|
|
files_accessed: { type: 'array', items: { type: 'string' } },
|
|
registry_modifications: { type: 'array', items: { type: 'string' } },
|
|
network_connections: {
|
|
type: 'array',
|
|
items: {
|
|
type: 'object',
|
|
properties: {
|
|
destination_ip: { type: 'string' },
|
|
destination_port: { type: 'number' },
|
|
protocol: { type: 'string' }
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
indicators_of_compromise: {
|
|
type: 'object',
|
|
properties: {
|
|
file_hashes: { type: 'array', items: { type: 'string' } },
|
|
ip_addresses: { type: 'array', items: { type: 'string' } },
|
|
domains: { type: 'array', items: { type: 'string' } },
|
|
registry_keys: { type: 'array', items: { type: 'string' } },
|
|
mutex_names: { type: 'array', items: { type: 'string' } }
|
|
}
|
|
},
|
|
mitre_tactics: { type: 'array', items: { type: 'string' } },
|
|
detection_methods: { type: 'array', items: { type: 'string' } },
|
|
severity: { type: 'string' }
|
|
},
|
|
required: ['id', 'malware_type', 'activities', 'indicators_of_compromise']
|
|
}
|
|
}
|
|
},
|
|
required: ['behaviors']
|
|
}
|
|
});
|
|
return behaviors;
|
|
}
|
|
/**
|
|
* Phishing Campaign Simulation Data
|
|
* For security awareness training and email filter testing
|
|
*/
|
|
async function generatePhishingCampaigns() {
|
|
const synth = new agentic_synth_1.AgenticSynth({
|
|
temperature: 0.8,
|
|
maxRetries: 3
|
|
});
|
|
const phishingPrompt = `
|
|
Generate phishing campaign simulations for security awareness training.
|
|
Include spear phishing, whaling, vishing, smishing variants.
|
|
Each campaign should have: technique, lure, payload, indicators, user_training_points.
|
|
Generate 10 diverse phishing campaign scenarios.
|
|
`;
|
|
const campaigns = await synth.generate({
|
|
prompt: phishingPrompt,
|
|
schema: {
|
|
type: 'object',
|
|
properties: {
|
|
campaigns: {
|
|
type: 'array',
|
|
items: {
|
|
type: 'object',
|
|
properties: {
|
|
id: { type: 'string' },
|
|
technique: {
|
|
type: 'string',
|
|
enum: [
|
|
'spear_phishing',
|
|
'whaling',
|
|
'clone_phishing',
|
|
'vishing',
|
|
'smishing',
|
|
'angler_phishing',
|
|
'business_email_compromise'
|
|
]
|
|
},
|
|
target_audience: { type: 'string' },
|
|
lure_theme: { type: 'string' },
|
|
email_components: {
|
|
type: 'object',
|
|
properties: {
|
|
subject_line: { type: 'string' },
|
|
sender_display_name: { type: 'string' },
|
|
sender_email: { type: 'string' },
|
|
body_preview: { type: 'string' },
|
|
call_to_action: { type: 'string' },
|
|
urgency_level: { type: 'string' }
|
|
}
|
|
},
|
|
payload_type: {
|
|
type: 'string',
|
|
enum: ['credential_harvesting', 'malware_download', 'information_gathering', 'wire_transfer']
|
|
},
|
|
red_flags: { type: 'array', items: { type: 'string' } },
|
|
detection_indicators: { type: 'array', items: { type: 'string' } },
|
|
user_training_points: { type: 'array', items: { type: 'string' } },
|
|
success_metrics: {
|
|
type: 'object',
|
|
properties: {
|
|
expected_open_rate: { type: 'number' },
|
|
expected_click_rate: { type: 'number' },
|
|
expected_report_rate: { type: 'number' }
|
|
}
|
|
},
|
|
severity: { type: 'string' }
|
|
},
|
|
required: ['id', 'technique', 'lure_theme', 'payload_type', 'red_flags']
|
|
}
|
|
}
|
|
},
|
|
required: ['campaigns']
|
|
}
|
|
});
|
|
return campaigns;
|
|
}
|
|
/**
|
|
* Insider Threat Scenario Simulation
|
|
* For user behavior analytics (UBA) and insider threat detection
|
|
*/
|
|
async function generateInsiderThreatScenarios() {
|
|
const synth = new agentic_synth_1.AgenticSynth({
|
|
temperature: 0.7,
|
|
maxRetries: 3
|
|
});
|
|
const insiderPrompt = `
|
|
Generate insider threat scenario simulations for security monitoring.
|
|
Include data exfiltration, sabotage, privilege abuse, negligent behavior.
|
|
Each scenario should have: threat_type, user_profile, activities, anomalies, detection_triggers.
|
|
Generate 8 insider threat scenarios.
|
|
`;
|
|
const scenarios = await synth.generate({
|
|
prompt: insiderPrompt,
|
|
schema: {
|
|
type: 'object',
|
|
properties: {
|
|
scenarios: {
|
|
type: 'array',
|
|
items: {
|
|
type: 'object',
|
|
properties: {
|
|
id: { type: 'string' },
|
|
threat_type: {
|
|
type: 'string',
|
|
enum: [
|
|
'data_exfiltration',
|
|
'intellectual_property_theft',
|
|
'sabotage',
|
|
'privilege_abuse',
|
|
'negligent_behavior',
|
|
'policy_violation'
|
|
]
|
|
},
|
|
insider_classification: {
|
|
type: 'string',
|
|
enum: ['malicious', 'negligent', 'compromised']
|
|
},
|
|
user_profile: {
|
|
type: 'object',
|
|
properties: {
|
|
role: { type: 'string' },
|
|
access_level: { type: 'string' },
|
|
tenure_months: { type: 'number' },
|
|
department: { type: 'string' },
|
|
baseline_behavior: { type: 'string' }
|
|
}
|
|
},
|
|
timeline: {
|
|
type: 'array',
|
|
items: {
|
|
type: 'object',
|
|
properties: {
|
|
day: { type: 'number' },
|
|
activity: { type: 'string' },
|
|
anomaly_score: { type: 'number' },
|
|
data_accessed: { type: 'string' },
|
|
volume_mb: { type: 'number' }
|
|
}
|
|
}
|
|
},
|
|
behavioral_anomalies: { type: 'array', items: { type: 'string' } },
|
|
technical_indicators: { type: 'array', items: { type: 'string' } },
|
|
detection_triggers: { type: 'array', items: { type: 'string' } },
|
|
risk_score: { type: 'number' },
|
|
mitigation: { type: 'string' }
|
|
},
|
|
required: ['id', 'threat_type', 'insider_classification', 'user_profile']
|
|
}
|
|
}
|
|
},
|
|
required: ['scenarios']
|
|
}
|
|
});
|
|
return scenarios;
|
|
}
|
|
/**
|
|
* Zero-Day Exploit Indicator Simulation
|
|
* For testing threat intelligence and anomaly detection systems
|
|
*/
|
|
async function generateZeroDayIndicators() {
|
|
const synth = new agentic_synth_1.AgenticSynth({
|
|
temperature: 0.8,
|
|
maxRetries: 3
|
|
});
|
|
const zeroDayPrompt = `
|
|
Generate zero-day exploit indicator simulations for threat intelligence testing.
|
|
Include unknown malware signatures, unusual network patterns, novel attack techniques.
|
|
Each indicator set should have: exploit_target, behavior_patterns, anomaly_indicators, threat_hunting_queries.
|
|
Generate 6 zero-day exploit indicator sets.
|
|
`;
|
|
const indicators = await synth.generate({
|
|
prompt: zeroDayPrompt,
|
|
schema: {
|
|
type: 'object',
|
|
properties: {
|
|
indicator_sets: {
|
|
type: 'array',
|
|
items: {
|
|
type: 'object',
|
|
properties: {
|
|
id: { type: 'string' },
|
|
exploit_name: { type: 'string' },
|
|
target_software: { type: 'string' },
|
|
target_version: { type: 'string' },
|
|
vulnerability_type: { type: 'string' },
|
|
behavior_patterns: {
|
|
type: 'array',
|
|
items: {
|
|
type: 'object',
|
|
properties: {
|
|
pattern_type: { type: 'string' },
|
|
description: { type: 'string' },
|
|
frequency: { type: 'string' },
|
|
confidence_level: { type: 'number' }
|
|
}
|
|
}
|
|
},
|
|
anomaly_indicators: { type: 'array', items: { type: 'string' } },
|
|
network_signatures: { type: 'array', items: { type: 'string' } },
|
|
memory_artifacts: { type: 'array', items: { type: 'string' } },
|
|
threat_hunting_queries: { type: 'array', items: { type: 'string' } },
|
|
detection_difficulty: {
|
|
type: 'string',
|
|
enum: ['low', 'medium', 'high', 'critical']
|
|
},
|
|
potential_impact: { type: 'string' },
|
|
recommended_response: { type: 'string' }
|
|
},
|
|
required: ['id', 'exploit_name', 'target_software', 'behavior_patterns']
|
|
}
|
|
}
|
|
},
|
|
required: ['indicator_sets']
|
|
}
|
|
});
|
|
return indicators;
|
|
}
|
|
/**
|
|
* Example Usage
|
|
*/
|
|
async function runThreatSimulations() {
|
|
console.log('⚠️ Running Authorized Threat Simulations for Defense Testing ⚠️\n');
|
|
try {
|
|
// Generate brute force patterns
|
|
console.log('Generating brute force attack patterns...');
|
|
const bruteForce = await generateBruteForcePatterns();
|
|
console.log(`Generated ${bruteForce.patterns?.length || 0} brute force patterns\n`);
|
|
// Generate DDoS simulations
|
|
console.log('Generating DDoS attack simulations...');
|
|
const ddos = await generateDDoSSimulation();
|
|
console.log(`Generated ${ddos.simulations?.length || 0} DDoS simulations\n`);
|
|
// Generate malware behaviors
|
|
console.log('Generating malware behavior patterns...');
|
|
const malware = await generateMalwareBehaviors();
|
|
console.log(`Generated ${malware.behaviors?.length || 0} malware behaviors\n`);
|
|
// Generate phishing campaigns
|
|
console.log('Generating phishing campaign scenarios...');
|
|
const phishing = await generatePhishingCampaigns();
|
|
console.log(`Generated ${phishing.campaigns?.length || 0} phishing campaigns\n`);
|
|
// Generate insider threat scenarios
|
|
console.log('Generating insider threat scenarios...');
|
|
const insider = await generateInsiderThreatScenarios();
|
|
console.log(`Generated ${insider.scenarios?.length || 0} insider threat scenarios\n`);
|
|
// Generate zero-day indicators
|
|
console.log('Generating zero-day exploit indicators...');
|
|
const zeroDay = await generateZeroDayIndicators();
|
|
console.log(`Generated ${zeroDay.indicator_sets?.length || 0} zero-day indicator sets\n`);
|
|
return {
|
|
bruteForce,
|
|
ddos,
|
|
malware,
|
|
phishing,
|
|
insider,
|
|
zeroDay
|
|
};
|
|
}
|
|
catch (error) {
|
|
console.error('Error generating threat simulations:', error);
|
|
throw error;
|
|
}
|
|
}
|
|
// Export all generators
|
|
exports.default = {
|
|
generateBruteForcePatterns,
|
|
generateDDoSSimulation,
|
|
generateMalwareBehaviors,
|
|
generatePhishingCampaigns,
|
|
generateInsiderThreatScenarios,
|
|
generateZeroDayIndicators,
|
|
runThreatSimulations
|
|
};
|
|
//# sourceMappingURL=threat-simulation.js.map
|