SANS AI Cybersecurity Forum - Your Journey to the GenAI-DFIR Era Starts Today!
 | [24/04/25] Apr 25, 2024 Jess Garcia - One eSecurity Twitter: j3ssgarcia - LinkedIn: garciajess |
Thanks to those attending my talk at the SANS AI Cybersecurity Forum!
On this page, you will find a list of resources mentioned during the talk that I hope will help you and the Community.
But that's not all! This is a great occasion for us, and we wanted to use the opportunity to share with the Community tools that we have been improving during the last year.
Title
Your Journey to the GenAI-DFIR Era Starts Today!
Abstract
How exactly will Generative AI (GenAI) change the way Forensicators & Hunters work today?
In this talk Jess Garcia will answer that question by presenting everything you need to know to integrate GenAI in your everyday DFIR tasks and get ready for this new era.
Jess will cover the most important concepts, tools & resources you need to know related to GenAI for DFIR, will describe how to apply them to everyday DFIR tasks and will elaborate on AI-Agents (orchestrators capable of coordinating data sources, LLMs and Tools), the most promising technology today to address many of the complex analysis tasks that Forensicators perform today.
Jess will practically demonstrate how an AI-Agent DFIR Co-Pilot can be easily used to process and analyze forensic artifacts, and how AI-Agents can autonomously solve many of the most challenging tasks that we face in our investigations today.
Presentation
To start with, you can download the presentation & demo here:
- Presentation: jess_garcia-genai_dfir-sans_ai_forum-v1.0.pdf
- Demos:
- Demo #1: LLMs for Threat Detection & Response (https://www.youtube.com/watch?v=RzvEsnyjLeU&t)
- Demo #2: LLM-Agents for Cyber Threat Intelligence (https://www.youtube.com/watch?v=MjqAJTAzUN4&t)
- Demo #3: LLM-Agents for Threat Hunting (TH) (https://www.youtube.com/watch?v=95MYzwnMVwY)
- Demo #4: LLM-Agents for Digital Forensics & Incident Response (https://www.youtube.com/watch?v=BK_8punSILc)
References
You can find more information about the projects and tools referenced in the presentation:
From Narrow AI to Generative AI - TOP Projects and Tools:
Generative AI for Cybersecurity:
Large Language Models (LLMs)
| LLM | Link |
|---|---|
| ChatGPT | https://chat.openai.com/ |
| Gemini | https://gemini.google.com/app |
| Llama-2 & 3 | https://www.llama2.ai/ |
| Llava | https://llava.hliu.cc/ |
| Mixtral-8x7B | https://deepinfra.com/mistralai/Mixtral-8x7B-Instruct-v0.1 |
| Ollama | https://github.com/ollama/ollama |
DEV Frameworks:
| Topic | Links |
|---|---|
| Prompt Engineering | https://platform.openai.com/tokenizer (OpenAI Tokenizer) https://www.promptingguide.ai (Prompt Engineering Guide) https://help.openai.com/en/articles/6654000-best-practices-for-prompt-engineering-with-the-openai-api (Best practices for Prompt Engineering ) |
| LLMs & Agents | https://www.langchain.com/ (Langchain) https://docs.llamaindex.ai/ (Llama Index) https://github.com/ggerganov/llama.cpp://github.com/ggerganov/llama.cpp (Llama C++) https://github.com/openai/openai-python (OpenAI API) https://huggingface.co/ (Hugging Face) |
Additional Resources:
- ChatGPT for Blue Teams - DS4N6 Youtube: https://www.youtube.com/watch?v=RzvEsnyjLeU
Thanks! Let's Stay In Touch!
Again, thank you very much for attending my presentation. I hope you enjoyed it, you learnt, and it will open your appetite to learn more about Data Science, Machine Learning and DFIR.
You can also:
- Follow me on Twitter: @j3ssgarcia
- Attend the courses at teach at SANS: FOR500, FOR508, FOR610, FOR578, FOR585, …
- If you need professional DFIR help of any kind, contact me at One eSecurity
Hope to meet you personally in any corner of the world one of these days!
Jess Garcia
DS4N6 - Project Lead / One eSecurity - Founder / SANS - Senior Instructor
Follow us: Twitter: @ds4n6_io - RSS News Feed - Youtube