THE article discusses a recent incident where an attacker utilized AI to create a custom PowerShell script for Active Directory (AD) reconnaissance. The script, identified by Huntress, was found on a compromised Windows Server, and it was uniquely generated rather than sourced from existing toolkits. The script, titled '100% Working AD Information Gathering Script – FULLY FIXED,' aggressively gathered AD data, showing the evolving tactics of cybercriminals who now blend traditional methods with AI-augmented tools.
Huntress emphasized that while AI generated this script, the attack methodology remains similar to established intrusion techniques, focusing on speed and aggression rather than stealth. The report highlighted several phases of the attack, from obtaining RDP access using stolen credentials to running the reconnaissance script and compiling a formatted HTML report of the findings.
The unique characteristics of AI-generated code make detection through traditional means challenging, prompting a call for defenders to adopt behavioral analytics to track malicious activities instead of relying solely on static signatures.