*Under construction: the dev branch is a lot more fun, but things break sometimes.*
HALO is a Windows-focused research framework that demonstrates conditional execution of encrypted payloads based on AI-assisted telemetry evaluation. The system integrates host environment analysis with OpenAI GPT models to determine whether an embedded payload should be executed. Payloads are encrypted, embedded at build time, and executed inline through Windows API calls.
HALO consists of four major subsystems:

- **Telemetry**: Collects runtime host data such as process information, parent process, system uptime, idle metrics, and device states. Establishes a baseline snapshot and compares subsequent samples to detect deviations or suspicious conditions.
- **AI Decision Engine**: Sends structured telemetry data to an OpenAI GPT model with a system prompt describing decision rules. The AI responds with JSON containing:
  - `allow` (boolean): whether execution should proceed
  - `reason` (string): justification for the decision
  - `confidence` (float, 0.0–1.0): estimated confidence
- **Payload Encryption / Embedding**: Payloads are pre-encrypted using RC4. Both the encrypted payload (`loader_encrypted.bin`) and key (`key.txt`) are embedded directly into the Go binary at compile time via `//go:embed`. No external files are required at runtime.
- **Shellcode Execution**: If the AI conditions are met, the shellcode is decrypted, allocated in executable memory via `VirtualAlloc`, written in place, and executed in a new thread with `CreateThread`. The host blocks on execution using `WaitForSingleObject`.
Requirements:

- Go 1.24 or newer
- OpenAI API key (`OPENAI_API_KEY` environment variable)
- Windows target environment (x86-64)
HALO is intended for Windows (x86-64). Cross-compilation from Linux requires MinGW:

```sh
go mod init halo
go mod tidy
CGO_ENABLED=1 CC=x86_64-w64-mingw32-gcc GOOS=windows GOARCH=amd64 go build -o halo.exe ./main.go
```

During build, be sure that `loader_encrypted.bin` and `key.txt` are present in `shellcode/`, as they are embedded into the binary as byte slices.
Payload Encryption Utility (`enc.go`)

The `enc.go` utility transforms a raw payload into the format consumed by HALO:

```sh
go build -o encryptor enc.go
./encryptor <input_payload.bin> <key.txt> <output_encrypted.bin>
```

At runtime, HALO proceeds as follows:

- The program initializes logging and verifies the `OPENAI_API_KEY` environment variable.
- The telemetry subsystem records process and system state, storing a baseline for later comparison.
- A telemetry sample is collected.
- Telemetry is serialized to JSON and sent to the GPT model with the system prompt.
- The model's response is parsed.
- Execution proceeds only if `allow = true` and `confidence ≥ 0.8`.
- The embedded payload is decrypted with RC4 using the embedded key.
- Memory is allocated with `VirtualAlloc` (`MEM_COMMIT | MEM_RESERVE`, `PAGE_EXECUTE_READWRITE`).
- Shellcode is copied into the allocated region.
- `CreateThread` is invoked with the shellcode entry point.
- Execution is blocked until completion via `WaitForSingleObject`.
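To make the decision contract concrete, the following is an added Go example (not HALO's own code) that parses a model reply and applies the gate described above. It accepts both the `confidence` key named in this README and the `conf` key the embedded system prompt asks for, and it fails closed on a malformed or incomplete reply; the `minConfidence` constant and the sample replies are constructed for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Decision mirrors the JSON reply described in this README. The prose calls
// the score "confidence" while the embedded prompt asks for "conf"; both are
// accepted here so the mismatch is visible rather than silently fatal.
type Decision struct {
	Allow      bool     `json:"allow"`
	Reason     string   `json:"reason"`
	Conf       *float64 `json:"conf"`
	Confidence *float64 `json:"confidence"`
}

// minConfidence is the README's stated threshold (assumed, not read from main.go).
const minConfidence = 0.8

// ParseDecision applies the gate: allow must be true and the score must be
// >= minConfidence. Any parse error, missing score, or out-of-range score
// returns false so the caller fails closed.
func ParseDecision(raw string) (bool, string) {
	var d Decision
	if err := json.Unmarshal([]byte(raw), &d); err != nil {
		return false, "malformed JSON: " + err.Error()
	}
	var score float64
	switch {
	case d.Confidence != nil:
		score = *d.Confidence
	case d.Conf != nil:
		score = *d.Conf
	default:
		return false, "missing confidence field"
	}
	if score < 0 || score > 1 {
		return false, fmt.Sprintf("confidence %.2f out of range", score)
	}
	return d.Allow && score >= minConfidence, d.Reason
}

func main() {
	// Constructed sample replies, not real model output.
	samples := []string{
		`{"allow": true, "reason": "baseline host", "conf": 0.91}`,
		`{"allow": true, "reason": "unsure", "confidence": 0.6}`,
		`{"allow": false, "reason": "sandbox artifacts", "conf": 0.95}`,
		`not json`,
	}
	for _, s := range samples {
		ok, why := ParseDecision(s)
		fmt.Printf("allow=%v reason=%q\n", ok, why)
	}
}
```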
To customize HALO:

- Modify the model string in `ai/ai.go` (default: `gpt-4.1-mini`).
- Modify the prompt in `ai/ai.go`:

```go
const systemPrompt = `
You are an AI OPSEC assistant analyzing telemetry from a host machine.
Your goal is to decide whether it is safe to execute a sensitive payload.
Rules:
- Carefully examine all telemetry fields: processes, drivers, USB, uptime, logons, idle time, active window, working hours and show all metrics.
- Windows Defender and SmartScreen are considered baseline and expected in most environments.
- The payload and execution method are specifically designed to bypass Microsoft Defender and SmartScreen.
- Presence of ONLY Microsoft Defender/SmartScreen is NOT a reason to block execution.
- Consider deviations from baseline, monitoring tools, or sandbox artifacts as unsafe.
- If unsafe, respond with: {"allow": false, "reason": "...", "conf": 0.xx}
- If safe, respond with: {"allow": true, "reason": "...", "conf": 0.xx}
- Confidence ("conf") is a float between 0 and 1.
- Only output JSON. Do not add commentary.
`
```

- Adjust the conditional check in `main.go` to change the minimum required confidence value.
- Extend `telemetry.go` to collect additional host environment attributes as needed.
- Generate a new `loader_encrypted.bin` and `key.txt` with `enc.go`, then rebuild the project.