Threat Hunting with LLM: From Discovering APT SAAIWC to Tracking APTs with AI

Explore a 24-minute Black Hat conference talk that demonstrates how Large Language Models (LLMs) revolutionized threat hunting, beginning with the discovery of APT SAAIWC in December 2022. Learn how security researchers from DBAPPSecurity leveraged LLMs to rapidly identify additional attack samples from this Advanced Persistent Threat group, enabling them to be the first to disclose these attack activities. Discover practical applications of LLMs across multiple threat hunting stages, including filename-based threat hunting, automated YARA rule generation for sample hunting, and broader applications in threat intelligence. Presented by senior security researchers Hongfei Wang, Dong Wu, and Yuan Gu, this talk provides valuable insights into how artificial intelligence is transforming cybersecurity threat detection and analysis methodologies.