Simulating Cybersecurity Threat Artifacts Using Generative AI
In today’s dynamic threat landscape, organizations need more than static security policies—they need tools that reflect the complexity of real-world attacks. As part of my Master of Cybersecurity program at university, I led a student research project in collaboration with Retrospect Lab, aimed at solving this very challenge.
Team Details (we were all third-semester students in the Master of Cyber Security at Swinburne University of Technology):
Student Team Lead: Rajan Kandel
Other Team Members
Academic Supervisor: Yasas Supeksala
Industry Supervisor: Dr. Rory Coulter
Project Duration: 4 months (Feb – May 2024)
The Project – Brief Description
The Problem: Unrealistic, Manual Cyber Simulations
Cyber incident response has long relied on predefined attack scenarios, manual testing, or outdated simulation methods. While useful, these methods often suffer from:
Limited realism
Time-consuming setup
Lack of credible digital artifacts (the evidence attackers leave behind)
Simulating true-to-life cyber incidents is difficult without access to sensitive or real-world data—and this hinders training, detection development, and response testing.
💡 Our Solution: AI-Powered Artifact Generation
To overcome this limitation, our team developed a framework that uses generative AI (ChatGPT) to simulate digital artifacts representing various types of cyberattacks. The framework is designed to support:
Endpoint attacks
Network-based intrusions
Phishing emails
IoT-based threats
Code injection and exploitation
We crafted structured prompts using curated data from:
CVE/NVD vulnerability databases
Real-world incident response blogs and threat reports
The AI then generated artifacts such as:
Registry modifications
Log entries (system, firewall, endpoint)
Malicious scripts and payloads
Obfuscated shellcode or attack fragments
🚀 Key Benefits
This AI-driven simulation framework brought multiple advantages:
Realism: Produces detailed and context-aware artifacts based on real-world threat intelligence.
Scalability: Easily extended to support new attack vectors, platforms, and behaviors.
Accessibility: No specialized lab required—only a browser, an internet connection, and AI access.
It’s an ideal tool for:
Training SOC analysts and red/blue teams
Testing SIEM detection rules
Benchmarking and improving incident response workflows
✅ Project Outcomes
Our prototype was successfully tested with Retrospect Lab, meeting the project’s key goals. It provided a flexible, testable system for producing synthetic threat artifacts.
Future enhancements include:
Automating prompt generation and data ingestion
Integration with platforms like Microsoft Sentinel, Splunk, or Elastic
Ranking AI outputs using ML models for realism and detection value
🧠 Final Thoughts and Product
This project showcases how AI can revolutionize cybersecurity readiness. By generating realistic cyber artifacts at scale, we help organizations prepare for tomorrow’s attacks today.
It’s a fusion of automation, intelligence, and innovation that has the potential to change how we train, detect, and respond in the face of ever-evolving cyber threats.
After the project, we developed a database of attack types, vectors, techniques, and tactics, along with a prompt framework that enables ChatGPT or any generative AI to produce realistic incident artifacts.
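As an added illustration of the prompt framework and artifact types described above (this is example code written for this page, not the project's own framework or database), the Python below turns one row of a constructed attack database (type, vector, technique, tactic) into a structured prompt for synthetic log artifacts, then validates a model reply before it would be loaded into a SIEM test. The field names, the schema, the sample row and the sample reply are all assumptions.

```python
import json
from datetime import datetime

# Constructed row of an attack database; field names are assumptions.
ATTACK_DB = [{"type": "endpoint", "vector": "phishing attachment",
              "technique": "registry Run key persistence", "tactic": "persistence"}]
ARTIFACT_TYPES = ("registry", "syslog", "firewall", "endpoint")
SCHEMA = {"timestamp": "ISO-8601", "host": "string", "event": "string",
          "synthetic": True}

def build_prompt(record, artifact_type, count=3):
    """Structured prompt: fixed role, curated context, fixed output schema."""
    if artifact_type not in ARTIFACT_TYPES:
        raise ValueError(f"unsupported artifact type: {artifact_type}")
    return ("You generate SYNTHETIC security artifacts for detection testing.\n"
            f"Attack type: {record['type']}\nVector: {record['vector']}\n"
            f"Technique: {record['technique']}\nTactic: {record['tactic']}\n"
            f"Produce {count} {artifact_type} events as a JSON list; each item "
            f"must match {json.dumps(SCHEMA)}. Use only RFC 5737 addresses and "
            "the example.test domain. Do not include exploit code.")

def validate_artifacts(reply, count):
    """Gate a model reply before it reaches a SIEM test: a JSON list of exactly
    `count` dicts, each marked synthetic, with a valid timestamp, host and event."""
    try:
        items = json.loads(reply)
    except json.JSONDecodeError:
        return False, "reply is not JSON"
    if not isinstance(items, list) or len(items) != count:
        return False, f"expected a list of {count} items"
    for i, item in enumerate(items):
        if not isinstance(item, dict) or item.get("synthetic") is not True:
            return False, f"item {i} is not marked synthetic"
        try:
            datetime.fromisoformat(item["timestamp"])
        except (KeyError, TypeError, ValueError):
            return False, f"item {i} has a missing or bad timestamp"
        if not item.get("host") or not item.get("event"):
            return False, f"item {i} is missing host or event"
    return True, "ok"

# Constructed stand-in for a ChatGPT reply to build_prompt(ATTACK_DB[0], "endpoint").
SAMPLE_REPLY = json.dumps([
    {"timestamp": f"2024-03-04T09:15:0{i}", "host": "ws01.example.test",
     "event": event, "synthetic": True}
    for i, event in enumerate([
        "Process start: OUTLOOK.EXE -> invoice.pdf.exe",
        "Registry set: HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
        "Outbound connection to 203.0.113.7:443"])])
```

Running `validate_artifacts(SAMPLE_REPLY, 3)` returns `(True, "ok")`; a reply that is not JSON, has the wrong item count, or lacks the synthetic marker is rejected with a reason.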