The Pivotal Role of Large Language Models in Extracting Actionable TTP Attack Chains
Black Hat Asia 2025 · Day 2 · Briefings
In an era where cybersecurity threats are constantly evolving, the ability to rapidly understand, extract, and operationalize adversary Tactics, Techniques, and Procedures (**TTPs**) is paramount for effective defense. This talk, delivered by Lauri and Para from 360 at Black Hat Asia, addresses the critical challenges in converting human-readable threat intelligence reports into actionable TTP attack chains. It introduces an innovative solution leveraging **Large Language Models (LLMs)** in conjunction with a **Knowledge Graph-enhanced Retrieval Augmented Generation (KG-RAG)** framework to automate this complex process.
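As an added illustration of the pipeline the talk describes (this is example code written for this page, not code from the speakers or from 360), the Python below walks a threat-report excerpt through the three stages: extraction of technique IDs, retrieval of related techniques from a knowledge graph, and enrichment of the incomplete chain. Two simplifications are assumed so that it runs offline: the LLM extraction step is replaced by a keyword matcher, and the knowledge graph is a small hand-built dictionary whose "follows" edges are constructed for the example (the technique IDs are a subset of MITRE ATT&CK, but the edges are not an ATT&CK relation). The sample report text is likewise constructed.

```python
"""Toy report -> TTP attack chain pipeline (constructed example, not the
speakers' code). The LLM step is a keyword matcher; the knowledge graph is a
hand-built dictionary. IDs are a subset of MITRE ATT&CK; the "follows" edges
are constructed for this example only.
"""
import re
from collections import deque

# Kill-chain ordering used to sort techniques (subset of ATT&CK tactics).
TACTIC_ORDER = [
    "initial-access", "execution", "persistence", "credential-access",
    "lateral-movement", "exfiltration", "impact",
]

# Knowledge graph: technique -> (name, tactic, techniques that commonly follow).
KNOWLEDGE_GRAPH = {
    "T1566": ("Phishing", "initial-access", ["T1204", "T1059"]),
    "T1204": ("User Execution", "execution", ["T1059", "T1547"]),
    "T1059": ("Command and Scripting Interpreter", "execution", ["T1547", "T1003"]),
    "T1547": ("Boot or Logon Autostart Execution", "persistence", ["T1003"]),
    "T1003": ("OS Credential Dumping", "credential-access", ["T1021"]),
    "T1021": ("Remote Services", "lateral-movement", ["T1041", "T1486"]),
    "T1041": ("Exfiltration Over C2 Channel", "exfiltration", ["T1486"]),
    "T1486": ("Data Encrypted for Impact", "impact", []),
}

# Stand-in for the LLM: report phrases -> technique IDs (constructed mapping).
KEYWORDS = {
    r"spear[- ]?phishing|phishing e-?mail|malicious attachment": "T1566",
    r"powershell|cmd\.exe|command[- ]line script": "T1059",
    r"registry run key|autostart|startup folder": "T1547",
    r"\blsass\b|mimikatz|credential dump": "T1003",
    r"\brdp\b|\bsmb\b|psexec|remote desktop": "T1021",
    r"exfiltrat": "T1041",
    r"encrypt(ed|ing) (the )?files|ransom": "T1486",
}

# Constructed threat-report excerpt used as input.
SAMPLE_REPORT = (
    "The intrusion began with a spear-phishing email carrying a malicious "
    "attachment. The operator later ran Mimikatz to dump credentials from "
    "LSASS, moved laterally over RDP, and finished by encrypting the files "
    "and dropping a ransom note."
)


def extract_techniques(report):
    """Technique IDs in order of first appearance (the extraction step)."""
    hits = []
    for pattern, tid in KEYWORDS.items():
        match = re.search(pattern, report, re.IGNORECASE)
        if match:
            hits.append((match.start(), tid))
    ordered = []
    for _, tid in sorted(hits):
        if tid not in ordered:
            ordered.append(tid)
    return ordered


def shortest_path(src, dst, max_depth=4):
    """BFS over 'follows' edges (the retrieval step); None if unreachable."""
    queue = deque([[src]])
    visited = {src}
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path
        if len(path) > max_depth:
            continue
        for nxt in KNOWLEDGE_GRAPH[path[-1]][2]:
            if nxt not in visited:
                visited.add(nxt)
                queue.append(path + [nxt])
    return None


def build_chain(report):
    """Order reported techniques by tactic and fill gaps from the graph.
    Returns [(technique_id, "reported" | "inferred"), ...]."""
    reported = sorted(extract_techniques(report),
                      key=lambda t: TACTIC_ORDER.index(KNOWLEDGE_GRAPH[t][1]))
    chain = []
    for i, tid in enumerate(reported):
        # If the report jumps over a graph edge, insert the intermediate steps.
        if i > 0 and tid not in KNOWLEDGE_GRAPH[reported[i - 1]][2]:
            path = shortest_path(reported[i - 1], tid)
            if path:
                chain.extend((mid, "inferred") for mid in path[1:-1])
        chain.append((tid, "reported"))
    return chain


def missing_tactics(chain):
    """Tactics between the chain's first and last phase with no technique."""
    phases = [TACTIC_ORDER.index(KNOWLEDGE_GRAPH[t][1]) for t, _ in chain]
    return [TACTIC_ORDER[i] for i in range(min(phases), max(phases) + 1)
            if i not in set(phases)]


if __name__ == "__main__":
    chain = build_chain(SAMPLE_REPORT)
    for tid, source in chain:
        name, tactic, _ = KNOWLEDGE_GRAPH[tid]
        print(f"{tid:6} {name:38} [{tactic}] ({source})")
    print("uncovered tactics:", missing_tactics(chain))
```

Running it on the sample report yields a five-step chain in which the execution step (T1059) is marked `inferred` because the report never mentions it, while persistence and exfiltration are listed as uncovered tactics: this is the kind of gap an analyst would want surfaced rather than silently filled, and it is what a real implementation would hand to the LLM, with the retrieved graph context, to decide whether the gap is a reporting omission or a genuinely absent phase.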
AI review
This talk presents a highly sophisticated and practical solution for a critical problem: transforming raw threat intelligence into actionable TTP attack chains. By integrating Large Language Models with a Knowledge Graph-enhanced Retrieval Augmented Generation (KG-RAG) framework, the speakers have developed a pipeline that not only accurately extracts TTPs but also systematically enriches incomplete chains and generates diverse, executable intelligence artifacts, including the truly novel capability to generate new Metasploit modules on demand. This is a significant leap beyond superficial…