Event: Black Hat USA
Location: Las Vegas, Nevada
Format: Arsenal
Track: Malware
Recent advances in Windows AI/ML APIs now enable the direct integration of AI/ML models into post-exploitation DLLs, allowing them to run within active Cobalt Strike sessions for enhanced on-target classification. This work presents two examples of such integration. The first leverages a custom-trained model to detect passwords in text extracted from documents. The second adapts an open-source embedding model into a compatible format, enabling semantic search capabilities within the target environment.