
Hacker Dropping Mid-Heist Selfies: LLM Identifies Information Stealer Infection Vectors and Extracts IoC.pdf

Uploaded by: 竿*** | ID: 981879 | 2025-11-29 | 167 pages | 13.22 MB

Slide extract (preview of the first six pages):

#BHUSA @BlackHatEvents
Hacker Dropping Mid-Heist Selfies: LLM Identifies Information Stealer Infection Vectors and Extracts IoC
Estelle Ruellan, Threat Intelligence Researcher
Olivier Bilodeau, Principal Cybersecurity Researcher
flare.io

Who Are We?

Estelle Ruellan
- Cyber Threat Intelligence Researcher
- Mathematics and Criminology background
- Former student athlete
- Loves data science, shapes and colors
- Baby serial presenter: NorthSec, ShmooCon, Botconf, Hack.lu, eCrime APWG, EUROCRIME

Olivier Bilodeau
- 15 years cybersecurity industry experience
- Principal Cybersecurity Researcher at Flare
- Former GoSecure, ESET
- Founder of MontréHack
- NorthSec's President
- Serial presenter: DEFCON, BlackHat, SecTor, Botconf, CERT-EU, AtlSecCon
- Honorable mentions:

Agenda
1. The Information Stealer Malware Phenomenon
2. Mid-Heist Selfies
3. The LLM Pipeline
4. Prompt Engineering
5. LLM Assessment
6. Discriminating IoCs
7. Inside the Infostealer Playbook
8. Successful Campaigns: 2 Case Studies
9. Strength and Limits
10. Conclusion

The Malware you (may) have never heard of: What is an Infostealer?
Administrative rights NOT required! & No Persistence!
- User downloads cracked software
- Malware is executed on the victim computer
- Infostealer grabs: credentials, crypto wallets, browser data
- Data exfiltrated to C2 infrastructure
- Individual logs are packaged together
- Log files are distributed in Telegram channels

Stealer Log Structure
From: Cr4zy Cl0ud 2025!
"Here is the daily update for Jan 27th!"
crazy_cloud_daily.zip, containing:
- 78a5g6fdg.zip
- un347y8erf.zip
- jnh2389dfv.zip
- jnkdf89345.zip
- uni34r893.zip
1f

- **The information stealer malware phenomenon**: Infostealer malware runs without administrator rights and without persistence; it arrives through downloads of cracked software and steals credentials, crypto wallets, browser data and other user information.
- **Mid-heist selfies**: Screenshots of the victim's screen are captured during the attack, and these screenshots can contain clues about the attack.
- **LLM pipeline**: A large language model (LLM) is used to analyze the malware, including visual assessment, identification of the infection vector, evaluation, and filtering out of distracting information.
- **Prompt engineering**: Carefully designed prompts guide the LLM toward more effective analysis.
- **Case studies**: Two case studies show how an LLM can be used to analyze infostealer malware.
- **Successful cases**: The LLM's successes in identifying and tracking malware campaigns are presented.
- **Strengths and limitations**: LLMs have advantages for malware analysis, but also limitations in cost and speed.
How do information stealers operate? How can malware clues be identified? What do mid-heist selfies reveal?