The Power of Words: Generating PowerShell Attacks from Natural Language

April 19, 2024 · Entered Twilight · 🏛 WOOT @ USENIX Security Symposium

Repo contents: .gitignore, LICENSE, README.md, imagesmd, notebooks, pwsh-execution-analysis, pwsh-syntax-analysis, requirements.txt, text-to-code

Authors Pietro Liguori, Christian Marescalco, Roberto Natella, Vittorio Orbinato, Luciano Pianese arXiv ID 2404.12893 Category cs.CR: Cryptography & Security Cross-listed cs.SE Citations 2 Venue WOOT @ USENIX Security Symposium Repository https://github.com/dessertlab/powershell-offensive-code-generation ⭐ 7 Last Checked 1 month ago

Abstract

As the Windows OS stands out as one of the most targeted systems, the PowerShell language has become a key tool for malicious actors and cybersecurity professionals (e.g., for penetration testing). This work explores an uncharted domain in AI code generation by automatically generating offensive PowerShell code from natural language descriptions using Neural Machine Translation (NMT). For training and evaluation purposes, we propose two novel datasets with PowerShell code samples, one with manually curated descriptions in natural language and another code-only dataset for reinforcing the training. We present an extensive evaluation of state-of-the-art NMT models and analyze the generated code both statically and dynamically. Results indicate that tuning NMT using our dataset is effective at generating offensive PowerShell code. Comparative analysis against the most widely used LLM service ChatGPT reveals the specialized strengths of our fine-tuned models.