
SentinelOne VS BlackMamba ChatGPT Polymorphic Malware

Learn how to defend against BlackMamba-style attacks in this informative video. A BlackMamba-style attack involves requesting code generation from ChatGPT, followed by the packaging of that code for delivery and execution on a target. This type of attack is used to evade modern EDR/XDR detection systems.

In this demo, we take a similar approach by having ChatGPT generate Python code for keylogging and VSS (Volume Shadow Copy Service) removal. We manually walk through the steps of submitting the ‘malicious’ request to ChatGPT and moving that code into an actual Python script. We then use the auto-py-to-exe tool to convert our code to an .EXE file ready for execution.

However, when we launch the threat, it is detected and terminated by SentinelOne Singularity™ Endpoint. At the end of the day, malicious code is malicious code. Regardless of the source, SentinelOne Singularity™ Endpoint is able to detect and prevent BlackMamba-style attacks.
