In this episode of Talos Takes Hazel sits down with Talos' Bill Largent and Craig Jackson to discuss the latest Cisco Talos Incident Response Quarterly Trends Report (Q3 2025). From a wave of Toolshell events, to a rise in post-exploitation phishing, and the misuse of legitimate tools like Velociraptor, this quarter’s cases all point to a theme: attackers are getting very good at living off what’s already in your environment. Read the full report at https://blog.talosintelligence.com/ir-...
All content for Talos Takes is the property of Cisco Talos and is served directly from their servers
with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
In this episode of Talos Takes Hazel sits down with Talos' Bill Largent and Craig Jackson to discuss the latest Cisco Talos Incident Response Quarterly Trends Report (Q3 2025). From a wave of Toolshell events, to a rise in post-exploitation phishing, and the misuse of legitimate tools like Velociraptor, this quarter’s cases all point to a theme: attackers are getting very good at living off what’s already in your environment. Read the full report at https://blog.talosintelligence.com/ir-...
Teaching LLMs to spot malicious PowerShell scripts
Talos Takes
16 minutes
4 months ago
Teaching LLMs to spot malicious PowerShell scripts
Hazel welcomes back Ryan Fetterman from the SURGe team to explore his new research on how large language models (LLMs) can assist those who work in security operations centers to identify malicious PowerShell scripts. From teaching LLMs through examples, to using retrieval-augmented generation and fine-tuning specialized models, Ryan walks us through three distinct approaches, with surprising performance gains. For the full research, head to https://www.splunk.com/en_us/blog/security/gui...
Talos Takes
In this episode of Talos Takes Hazel sits down with Talos' Bill Largent and Craig Jackson to discuss the latest Cisco Talos Incident Response Quarterly Trends Report (Q3 2025). From a wave of Toolshell events, to a rise in post-exploitation phishing, and the misuse of legitimate tools like Velociraptor, this quarter’s cases all point to a theme: attackers are getting very good at living off what’s already in your environment. Read the full report at https://blog.talosintelligence.com/ir-...
