Interesting News/Tools/Stuff in AI and Cyber January-April 2024
A list of recent interesting News/Tools/Stuff in AI and Cyber – January-April 2024.
AI/LLM:
Grok-1 open-weights model. https://github.com/xai-org/grok-1
GPT4ALL – Updated version. Open-source large language models that run locally on your CPU and nearly any GPU. https://github.com/nomic-ai/gpt4all
Build an LLM from scratch (educational). https://github.com/rasbt/LLMs-from-scratch
flowGPT.com is a collection of LLM-based and prompt-engineering custom chats, including malware generation. (Not always working as expected.)
Training Deceptive LLMs that Persist Through Safety Training. Also contains the few-shot prompts used to generate the backdoor training data used to train backdoored models. https://github.com/anthropics/sleeper-agents-paper
An advanced Open-Source Intelligence tool, leveraging Artificial Intelligence to revolutionize information gathering and situational analysis. https://github.com/taranis-ai/taranis-ai
A Multi-Model LLM Powered Agent to automatically solve Captchas. https://github.com/AashiqRamachandran/i-am-a-bot
Imperio is an LLM-powered backdoor attack. It allows the adversary to issue language-guided instructions to control the victim model's prediction for arbitrary targets. https://github.com/hkucs-kachow/Imperio
Security:
New Ghidra version released: https://github.com/NationalSecurityAgency/ghidra/releases/tag/Ghidra_11.0.3_build
Nice Yara tool for local use. https://yaradbg.dev/
S4Killer – Process killer using BYOVD. probmon.sys Minifilter driver in this case. Git repo was deleted, but the tool is still accessible on other platforms.
DarkWidow is a Dropper/PostExploitation Tool – implementing Indirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird (and a few more), all with a detailed explanation. https://github.com/reveng007/DarkWidow
Mergen is a tool engineered to convert assembly code into LLVM Intermediate Representation (IR), making the deobfuscation or devirtualization of obfuscated binary code easier and faster during reverse engineering. https://github.com/NaC-L/Mergen
A payload creation tool used for circumventing EDR security controls to execute shellcode in a stealthy manner. Freeze.rs utilizes multiple techniques to not only remove Userland EDR hooks, but to also execute shellcode in such a way that it circumvents other endpoint monitoring controls. Written in Rust. https://github.com/Tylous/Freeze.rs
Payload creation framework designed around EDR bypass, written in Go. https://github.com/Tylous/ScareCrow (Not new - it utilizes a technique to flush an EDR’s hook out of the system DLLs running in the process's memory.)
A new approach to bypass EDR's inline hooking by utilizing hardware breakpoint to redirect the syscall. https://github.com/senzee1984/MutationGate
Threat Intel and General:
Visual Studio Extensions observed performing malicious actions. Overall, supply-chain attacks rose by 1300% during 2020-2023. https://www.reversinglabs.com/blog/malicious-helpers-vs-code-extensions-observed-stealing-sensitive-information
Evilginx 3.3 – New version of the well-known phishing framework, now officially integrated with the GoPhish service. The next promised update would be Evilginx Pro – I assume it will include LLM support, taking phishing to the next level.
Extremely interesting blog on chasing after a malware developer. https://medium.com/@aleksamajkic/fake-sms-how-deep-does-the-rabbit-hole-really-go-17e25c42f986
WeRedEvil Israel Cyber Group opens an online Cyber-Course to fund their activity. One of the topics is “Usage of AI technology for Cyber Attacks on organizations”. (Cost: $500)
Formerly known as axiom, swarm is the next generation of distributed cloud scanning and attack surface monitoring. https://github.com/swarmsecurity/swarm
A sophisticated cybersecurity utility designed to provide detailed information on vulnerabilities and associated proof-of-concept (PoC) exploits. https://github.com/xaitax/SploitScan
Large RAT Collection. https://github.com/yuankong666/Ultimate-RAT-Collection
Rust malware DB. https://github.com/cxiao/rust-malware-gallery
From January 1 to April 14, there were 1,307 documented ransomware victims.