Seiga Ueno

Seiga joined NTT DOCOMO BUSINESS, Inc. as a new graduate in 2025. As an Offensive Security Engineer, he researches adversary techniques from an attacker’s perspective and supports Red Team operations.

LLM-Based Natural Language Steganography for Covert C2 Communications

This presentation explores a potential future threat model for C2 (Command and Control) communication from an attacker’s perspective, with a focus on the implications for defenders. As monitoring of C2 traffic becomes increasingly sophisticated, simply encrypting payloads may no longer be sufficient to avoid detection. In some cases, high-entropy or otherwise unnatural data can itself become a signal for defenders.
Against this backdrop, the talk focuses on natural language steganography using large language models (LLMs): embedding hidden information into seemingly ordinary text. Through a proof of concept (PoC), it examines how commands and host status information could be concealed in natural language to enable covert C2 communication. It also discusses the possibility of using public platforms such as social media or websites as communication channels, and considers how defenders might detect and analyze this kind of activity when content inspection alone is no longer enough.