#BHAS BlackHatEvents

Enhancing Modern Threat Intelligence
The Pivotal Role of Large Language Models in Extracting Actionable TTP Attack Chains
Jack Tang, Lorin Wu, Porot Mo

About Us

Jack Tang
Jack, the team leader, has over 15 years of expertise in the security industry and is presently focusing on the use of MITRE ATT&CK in security operations and threat intelligence. He is knowledgeable on kernel and virtualization vulnerability research for Android, Mac, and Windows. He ranked Top 16 on the MSRC in 2016 and Top 34 in 2015. In 2016, he was awarded the Microsoft Mitigation Bypass Bounty. Jack has lectured at security conferences such as CanSecWest, Black Hat, HITCon, and PacSec.

Lorin Wu
Building an offensive and defensive knowledge graph for cyber security is what Lorin is currently working on. He spent many years working at Trend Micro, where he concentrated on the creation of heuristic patterns and mobile sandbox technologies. During this period, he identified various international cyber security operations that were reported to INTERPOL and Google Security Team.

Porot Mo
Porot received a master's degree from the University of Chinese Academy of Sciences after graduating from the University of Science and Technology of China. He is currently devoted to the study of offensive and defensive technologies and has three years of expertise in sandbox development.

Agenda
Background
Solution Introduction
    Key Modules & Architecture Overview
Solution Implementation & Results
    TTP Extraction Evolution (Three Ages) & KGRAG-Based TTP Extraction
    KGRAG-Based TTP Attack Chain Enrichment
    RAG-Based TTP Actionable Conversion
Takeaways

Background
Understanding TTP: Tactics, Techniques, and Procedures
The Significance of TTP Extraction and Actionable Conversion
The Challeng