Sheepl – Tool to Emulate Adversary

Testing security solution is a critical part for any new purchasing or deployment of the security infrastructure. This necessity innovated new techniques and tools for testing solution based on different standards. If you are looking to test a full attack scenarios involving user behavior you can check Sheepl.

Sheepl is a tool that aims to bridge the gap by emulating the behavior that people normally undertake within a network environment. Using Python3 and AutoIT3 the output can be compiled into a standalone executable without any other dependencies that when executed on a Windows endpoint, executes a set of tasks randomly over a chosen time frame.

Sheepl – Tool to Emulate User Behavior

For red teamers this can serve to present those moments of opportunity to practice tradecraft. For blue teamers this supports focusing on detection of malicious activity indicators inside a sequence of benign user tasks.

User with this tool will be able to have comandline mode and interactive mode to run one of the following:

  • [ word ] :: Create a Word File
  • [ excel ] :: Create an Excel Spreadsheet
  • [ cmd ] :: Interact with CMD Shell
  • [ powershell ] :: Interact with PowerShell
  • [ rdp ] :: Authenticate using RDP
  • [ ie ] :: Browse to a URL using Internet Explorer
  • [ teabreak ] :: Grab a cuppa (random sleep time)

User can loop the tasks and choose the timeout as needed from several hours to several days/months. This will allow Red Teams develop tradecraft and Blue teams develop detection’s.

You can read more and download this tool over here:

Notify of
Inline Feedbacks
View all comments