AI-RedOps Exploit Simulation
This project simulates an FTP-based cyber attack using Kali Linux and analyzes it using Wireshark and AI-generated SOC reporting. It demonstrates how even failed login attempts can provide valuable intelligence to blue teams.
Lab Overview
| Component | Tool/OS | Role |
|---|---|---|
| Attacker | Kali Linux | Runs exploit automation script |
| Victim | Windows 10 | Hosts Microsoft FTP Server |
| Network | Host-Only Adapter | Controlled test environment |
| Packet Capture | tcpdump, Wireshark | Records and analyzes traffic |
| Reporting | GPT / ChatGPT | Generates professional SOC summary |
What the Script Does
The included Bash script exploit_sim.sh performs the following:
Runs an nmap scan on the Windows target
Starts tcpdump to capture network traffic
Attempts anonymous FTP login
Tries to upload a fake reverse_shell.bat payload
Stops capture and generates an AI-ready GPT prompt
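What the blue-team side of that exchange looks like: an added Python example (not part of this repo or its script) that walks a constructed FTP control-channel transcript of the kind Wireshark's "Follow TCP Stream" shows for this lab, counts the failed anonymous logins, the refused data channel and the attempted .bat upload, and maps them to the ATT&CK techniques listed in the AI Summary. The transcript and the suspicious-extension list are assumptions, not taken from the repo's capture.

```python
import re

# Constructed FTP control-channel transcript, in the shape Wireshark's
# "Follow TCP Stream" shows it. It is a sample, not the repo's real capture.
SAMPLE_STREAM = """\
220 Microsoft FTP Service
USER anonymous
331 Anonymous access allowed, send identity (e-mail name) as password.
PASS anonymous@
530 User cannot log in.
USER anonymous
PASS test@example.com
530 User cannot log in.
PASV
530 Please login with USER and PASS.
STOR reverse_shell.bat
530 Please login with USER and PASS.
"""

# Extensions a blue team would flag as payload uploads (assumed list).
SUSPICIOUS_EXT = (".bat", ".exe", ".ps1", ".vbs")


def analyse_ftp_stream(stream: str) -> dict:
    """Count the events a SOC summary should report and map them to ATT&CK."""
    f = {"login_attempts": 0, "login_failures": 0, "users": set(),
         "upload_attempts": [], "data_channel_denied": 0, "techniques": set()}
    last_cmd = None
    for line in stream.splitlines():
        cmd = re.match(r"^([A-Z]{3,4})(?:\s+(.*))?$", line)  # client side
        if cmd:
            verb, arg = cmd.group(1), (cmd.group(2) or "").strip()
            if verb == "USER":
                f["login_attempts"] += 1
                f["users"].add(arg.lower())
            elif verb == "STOR":
                f["upload_attempts"].append(arg)
            last_cmd = verb
            continue
        # Server replies start with a 3-digit code; 530 = not logged in.
        if line.startswith("530") and last_cmd == "PASS":
            f["login_failures"] += 1
        elif line.startswith("530") and last_cmd in ("PASV", "PORT"):
            f["data_channel_denied"] += 1
    if "anonymous" in f["users"]:
        f["techniques"].add("T1078.003")  # Valid Accounts: Default Accounts
    if any(p.lower().endswith(SUSPICIOUS_EXT) for p in f["upload_attempts"]):
        f["techniques"].add("T1048")  # Exfiltration Over Alternative Protocol
    return f
```

The returned dictionary is the kind of structured evidence you would paste into the GPT prompt instead of the raw capture.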
Evidence Screenshots
| File | Description |
|---|---|
| ftp_denied_login.png | Shows the FTP login and rejection |
| ftp_mode_denial.png | Shows data channel setup failure |
You can find these in the documentation/ folder.
Folder Structure
AI-RedOps_Exploit_Simulation/
├── ai_summary/ # GPT prompt and AI-generated summary
├── captures/ # Packet capture (.pcap)
├── documentation/ # README, banner, and screenshots
├── report_assets/ # (optional for future expansion)
├── scan_results/ # Nmap results
└── scripts/ # exploit_sim.sh and reverse_shell.bat
AI Summary
See ai_summary/ai_summary.md for the full GPT-generated analysis.
Detected MITRE ATT&CK Techniques:
T1078.003 — Valid Accounts: Default Accounts
T1048 — Exfiltration Over Alternative Protocol: FTP
T1133 — External Remote Services
How to Run the Lab
From Kali Linux:
cd scripts/
sudo ./exploit_sim.sh
Requirements:
FTP server running on Windows 10
Interface eth1 (or adjust the interface name in the script)
Wireshark installed to review the .pcap
Key Takeaways
Even failed FTP logins reveal attacker intent
Packet analysis enables visibility into low-level behavior
AI can enhance and accelerate incident response reporting