One Article Review
| Source |  Mandiant |
|---|---|
| Identifiant | 8611254 |
| Date de publication | 2024-11-14 14:00:00 (vue: 2024-11-14 20:07:51) |
| Titre | Pirates in the Data Sea: AI Enhancing Your Adversarial Emulation |
| Texte | Matthijs Gielen, Jay Christiansen
Background New solutions, old problems. Artificial intelligence (AI) and large language models (LLMs) are here to signal a new day in the cybersecurity world, but what does that mean for us-the attackers and defenders-and our battle to improve security through all the noise? Data is everywhere. For most organizations, the access to security data is no longer the primary issue. Rather, it is the vast quantities of it, the noise in it, and the disjointed and spread-out nature of it. Understanding and making sense of it-THAT is the real challenge. When we conduct adversarial emulation (red team) engagements, making sense of all the network, user, and domain data available to us is how we find the path forward. From a defensive perspective, efficiently finding the sharpest and most dangerous needles in the haystack-for example, easily accessible credentials on fileshares-is how we prioritize, improve, and defend. How do you make sense of this vast amount of structured and unstructured data, and give yourself the advantage? Data permeates the modern organization. This data can be challenging to parse, process, and understand from a security implication perspective, but AI might just change all that. This blog post will focus on a number of case studies where we obtained data during our complex adversarial emulation engagements with our global clients, and how we innovated using AI and LLM systems to process this into structured data that could be used to better defend organizations. We will showcase the lessons learned and key takeaways for all organizations and highlight other problems that can be solved with this approach for both red and blue teams. Approach Data parsing and understanding is one of the biggest early benefits of AI. We have seen many situations where AI can help process data at a fast rate. Throughout this post, we use an LLM to process unstructured data, meaning that the data did not have a structure or format that we knew about before parsing the data. If you want to try these examples out yourself, please make sure you use either a local model, or you have permission to send the data to an external service. Getting Structured Data Out of an LLM Step one is to get the data into a format we can use. If you ever used an LLM, you will have noticed it will output as a story or prose text, especially if you use chat-based versions. For a lot of use cases, this is fine; however, we want to analyze the data and get structured data. Thus, the first problem we have to solve is to get the LLM to output the data in a format we can specify. The simple method is to ask the LLM to output the data in a machine readable format like JSON, XML, or CSV. However, you will quickly notice that you have to be quite specific with the data format, and the LLM can easily output data in another format, ignoring your instructions. Luckily for us, other people have encountered this problem and have solved it with something called Guardrails. One of the projects we have found is called |
| Notes | ★★★ |
| Envoyé | Oui |
| Condensat | *rest /del /user:chaos /yes 1–4 120 124 136 168 180 183 185 232 235 278 281 284 294 296 304 400 600 900 |
| Tags | Tool Threat Studies Cloud |
| Stories | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.