Security BSides Las Vegas 2025

Jun Miura

Jun Miura is a security researcher with Fujitsu Defense & National Security LTD (FDNS). After working as a security engineer at a financial company in Japan, he worked on vulnerability assessment, penetration testing, and red teaming at Secureworks from 2022. In November 2023, he joined his current department at FDNS, where he focuses mainly on offensive security, especially Active Directory / Entra ID attacks and EDR / antivirus bypass techniques. In addition, he has been involved in threat hunting research from an attacker's perspective, drawing on his knowledge and experience as a red teamer.
He is currently also focused on local LLMs, especially their use in cyber security and attacks against them. He is also a Ph.D. student at Okayama University in Japan.


Session

08-04
18:00
25min
RAGnarok: Assisting Your Threat Hunting with Local LLM
Jun Miura

Threat hunting is a proactive approach for identifying undetected threats within an organization's environment, and it requires various sophisticated skills.
RAGnarok is a tool that assists the threat hunting process using a Large Language Model (LLM). It can automatically generate a Sigma rule for a specific attack technique based on threat intelligence.
Because threat hunting depends strongly on environmental elements that are often regarded as confidential information, RAGnarok adopts a local LLM. RAGnarok can collect and interpret the environmental information autonomously, then reflect it in the generated results without uploading any information to the Internet.
To achieve better results with limited computing resources, RAGnarok is based mainly on three technologies: "Quantized LLM", "Retrieval-Augmented Generation (RAG)", and "Multi-Agent System". A quantized LLM can make execution faster, and the RAG mechanism enables RAGnarok to avoid hallucination and improve the accuracy of the generated result without fine-tuning. In addition, combining RAG with a multi-agent system allows the application to gain deeper specialization. These technologies allow RAGnarok to run on a CPU-only machine and generate practical outputs.
This talk provides the technical details of RAGnarok, a demo, and the know-how and tips obtained by developing it.

Proving Ground
Firenze