The Power of Words: Generating PowerShell Attacks from Natural Language

Authors: 

Pietro Liguori, Christian Marescalco, Roberto Natella, Vittorio Orbinato, and Luciano Pianese, DIETI, Università degli Studi di Napoli Federico II

Abstract: 

As the Windows OS stands out as one of the most targeted systems, the PowerShell language has become a key tool for malicious actors and cybersecurity professionals (e.g., for penetration testing). This work explores an uncharted domain in AI code generation by automatically generating offensive PowerShell code from natural language descriptions using Neural Machine Translation (NMT). For training and evaluation purposes, we propose two novel datasets with PowerShell code samples, one with manually curated descriptions in natural language and another code-only dataset for reinforcing the training. We present an extensive evaluation of state-of-the-art NMT models and analyze the generated code both statically and dynamically. Results indicate that tuning NMT using our dataset is effective at generating offensive PowerShell code. Comparative analysis against the most widely used LLM service ChatGPT reveals the specialized strengths of our fine-tuned models.

BibTeX
@inproceedings {298959,
author = {Pietro Liguori and Christian Marescalco and Roberto Natella and Vittorio Orbinato and Luciano Pianese},
title = {The Power of Words: Generating {PowerShell} Attacks from Natural Language},
booktitle = {18th USENIX WOOT Conference on Offensive Technologies (WOOT 24)},
year = {2024},
isbn = {978-1-939133-43-4},
address = {Philadelphia, PA},
pages = {27--43},
url = {https://www.usenix.org/conference/woot24/presentation/liguori},
publisher = {USENIX Association},
month = aug
}