Leveraging Large Language Models to Enhance Insider Threat Investigation Capabilities

Explore innovative approaches for utilizing Large Language Models (LLMs) in cybersecurity investigations during this conference talk from HITB2024BKK COMMSEC Day 2. Learn about novel methods for tracing and deterring unauthorized text data exfiltration across air gaps, where traditional digital forensic analysis faces challenges. Discover how semantic watermarking techniques, implemented through LLMs like Senku 70B, can help identify malicious insiders and compromised users by creating deterministic associations with individual actors. Examine both simple and sophisticated practical applications, understand deployment tradeoffs, and explore potential extensions of these capabilities to audio and video data. Delivered by a seasoned DFIR practitioner with over 12 years of experience in offensive security and insider threat investigations, gain insights into combining offensive security mindset with blue team defense strategies.