Explore how Large Language Models revolutionize threat intelligence by automatically extracting actionable TTP (Tactics, Techniques, and Procedures) attack chains from unstructured cybersecurity reports in this 32-minute Black Hat conference presentation. Discover the evolution of threat intelligence from traditional IOC-based approaches to proactive TTP-focused defense mechanisms, and understand why manual extraction of executable TTP intelligence from cyberattack reports is extremely time-consuming and labor-intensive for security experts. Learn about the limitations of current LLMs in accurately extracting TTP attack chains, even when enhanced with prompt engineering techniques or RAG (Retrieval-Augmented Generation) methods.

Examine an innovative dual-context approach that significantly improves LLM performance by incorporating pre-defined TTP sets and extensive TTP knowledge graph data as contextual inputs. Follow the three historic phases of TTP intelligence extraction development, from the Bronze Age through the Silver Age to the current Golden Age breakthrough. Understand advanced combination strategies including LLM + BERT for precise re-ranking and LLM + RAG with TTP knowledge graphs to achieve rapid capture and transformation of modern threat intelligence. Gain insights into experimental results demonstrating notable improvements in both accuracy and practicality for automated TTP extraction and conversion into executable simulation attack scripts, enabling organizations to stay ahead of evolving security threats through more efficient and precise threat intelligence processing.