The Next Plague
How AI is Revolutionizing Malware Development
SANS 360
With Foster Nethercott

./WHOAMI
- Foster Nethercott
- OSTACT13 on socials
- United States Marine Corps and Afghanistan Veteran
- I have 25 different industry certifications and an MSISE from SANS
- SEC535 Offensive AI Course Author
- I own Open Source Tactician
- Suit Enthusiast

Lowering Barriers to Entry
- Historically, malware development required a fair amount of skill and technical expertise.
- Recent AI advancements have all but removed any knowledge requirements to write unsophisticated malware.
- This is the next evolution of the “Script Kiddie”

A Practical Example
In 2023, I wrote “The Evolution of the Digital Predator: Using AI to Evade Security Controls”. The premise was simple. I acted as an individual with no coding knowledge and wanted to test if I could get ChatGPT 4 to write undetectable malware. The subsequent program:
- Recorded all keystrokes with time signatures
- Performed window monitoring, including URL tracking
- Took screenshots
- Established startup persistence
- Established a C2 connection/exfiltration channel
- Disguised itself as Windows Updater

A screenshot from a more recent program from SEC535

But Most Importantly
The program is flagged by 0 security vendors on VirusTotal

Increasing Malware Sophistication
- AI Powered Poly and Metamorphic Code
- Performing Real Time Adaptations
- AI Powered Logic Bombs
- Decoy Behaviors to fool Behavioral Detection

Not Just Theory
- In 2018 IBM released research on DeepLocker, which acted as an AI powered Logic Bomb
- Fancy Bear (APT28) are alleged by Microsoft to be weaponizing AI for reconnaissance and malware development in the Ukraine war.
- Other major threat actors actively weaponizing AI for scripting and malware development include Charcoal Typhoo