Select a country Global - English
Contact Us

NTTDATA-CERT Member Presents Arsenal Session at Black Hat USA 2025

Presentation by our NTTDATA-CERT member selected for Black Hat USA 2025, an international cyber security conference.

Overview

NTT DATA, a global leader in digital business and technology services, today announced that three open-source cybersecurity tools created by its employees will be presented at Black Hat USA 2025. The tools (SigmaOptimizer, Hayabusa, and Suzaku) were chosen for their technical capabilities, use of large language models (LLMs), and real-world applicability in strengthening incident response, threat detection and digital forensics capabilities.

Session Overview

Empowering Security Teams with AI and Open-Source Innovation

In the face of an increasingly complex and evasive threat landscape, security teams struggle to keep pace with the rapid evolution of threat actors' tactics. The open-source tool SigmaOptimizer addresses this by automating the end-to-end generation, validation and refinement of Sigma rules, which are essential for detecting attacks across IT environments.
NTT DATA Group's Yusuke Nakajima, SigmaOptimizer's creator, will explain how the tool uses LLMs and real-world attack logs to:

  • Generate detection rules (not just public threat reports)
  • Automatically validate and test rules
  • Streamline security operations and reduce manual workloads

Forensics Made Faster and Accessible: Hayabusa and Suzaku

NTT DATA employees partnered with Japanese security community, Yamato Security, to develop two additional tools -Hayabusa and Suzaku- to simplify and accelerate digital forensics and incident response (DFIR).
NTT DATA Group's Fukusuke Takahashi will be joined on two panels by Zach Mathis from Kobe Digital Labo Inc. and Akira Nishikawa from Kaminashi Inc. to discuss:

  • How Hayabusa rapidly parses Windows event logs, surfacing threats with high accuracy using over 4,000 integrated Sigma rules.
  • How Suzaku offers enables faster response times in cloud environments using cloud log analysis and visualization.

Both tools are optimized for ease-of-use, offering advanced capabilities through simple command-line interfaces, and are freely available to the global cybersecurity community.

NTTDATA-CERT

NTTDATA-CERT, to which the speaker belongs, is the CSIRT organization (Computer Security Incident Response Team) of the NTT DATA Group. NTTDATA-CERT works with domestic and international organizations on security measures to prevent and respond to incidents.

In addition, NTTDATA-CERT is promoting efforts to contribute to the improvement of society's security, and as an example, we are developing and promoting open source tools such as SigmaOptimizer/Hayabusa/Suzaku, which will be explained in this presentation.

Speakers

Fukusuke Takahashi

Fukusuke Takahashi

Assistant Manager, NTT DATA Group Corporation

Fukusuke Takahashi has been with NTTDATA-CERT (NTT DATA Group Corporation's CSIRT) since 2018, specializing in IR, OSINT, and SOAR. He is a member of Yamato Security and one of the core developers of the OSS tools "Hayabusa" and "Suzaku". He enjoys fixing bugs and reporting vulnerabilities in OSS Blue Team tools and has published multiple CVEs. He has presented at conferences such as the Annual FIRST Conference, SECCON, and SecTor 2024.

Speaker information on Black Hat 2025 website
Yusuke Nakajima

Yusuke Nakajima

Deputy Manager, NTT DATA Group Corporation

Joined NTT DATA Group in 2019, selling solutions in image processing and natural language processing as a sales representative. Transferred to the company's CSIRT team "NTTDATA-CERT" in April 2023, engaging in incident response, IoC collection and distribution, Threat hunting, and streamlining CSIRT operations using LLMs. Also deeply interested in offensive security activities such as C2 framework development, OSS vulnerability research (6 CVEs identified), and participation in bug bounty programs. CISSP, OSTH, JSAC 2025 Speaker, BSides Tokyo 2025 Speaker.

Speaker information on Black Hat 2025 website
Date and Time
August 2-7, 2025
Location
Mandalay Bay / Las Vegas
Share Event
Visit the event website

Program of activities

Wednesday, August 6
3:00pm-3:55pm
Windows Fast Forensics With Yamato Security's Hayabusa
Speakers:
Zach Mathis
Fukusuke Takahashi
Akira Nishikawa

Location:
Business Hall, Arsenal Station 9
Thursday, August 7
10:00am-10:55am
Cloud Log Fast Forensics with Yamato Security's Suzaku
Speakers:
Zach Mathis
Fukusuke Takahashi
Akira Nishikawa

Location:
Business Hall, Arsenal Station 8
2:00pm-2:55pm
SigmaOptimizer: Leveraging LLM and Real-world Logs for End-to-End Sigma Rule Generation and Optimization
Speaker:
Yusuke Nakajima

Location:
Business Hall, Arsenal Station 6