SysAdmin Weekly
Avsnitt

049 - How Do Attackers Use Local LLMs to Phish At Scale?

Dela

Ask Claude or ChatGPT to write a phishing email and it politely refuses; pull the right open-weight model onto your own laptop and that refusal layer simply does not exist in many cases.


Andy brings his InfoSecurity Europe session to the show, and Eric Siron joins to walk through how threat actors run local LLMs on their own hardware to generate targeted spear phishing at scale, in any language, with no internet connection and no guardrails.


The guys break down what the attack workflow actually looks like, why these capabilities never disappear once a model is downloaded, and where the real defensive line sits. Spoiler: "spot the typo" awareness training is dead, and verification culture plus strong email authentication is what carries the load now.


## Chapters:


00:00:00 - Cold Open: Local LLMs and Phishing at Scale

00:01:37 - Welcome Back and InfoSecurity Europe

00:03:55 - News React: Washington Pumps the Brakes on Fable

00:06:46 - News React: NY Ghost Gun Printing Law and Google AI Liability

00:12:07 - Nerd Hour: Camera Gear and Mac Studio Dreams

00:13:27 - Nerd Hour: Building the InfoSec Demo

00:15:55 - Show Plugs and Community Links

00:17:00 - Main Topic: What Local LLMs Actually Are

00:21:23 - The Guardrail Gap: Cloud Refuses, Local Complies

00:26:55 - The Demo: 15 Tailored Spear Phishing Lures in 90 Seconds

00:30:04 - Why These Capabilities Never Go Away

00:32:59 - AI on the Defensive Side

00:39:01 - Voice Cloning, Deepfakes, and SPF for Phones

00:46:20 - The Low-Tech Deepfake Defense

00:47:26 - Why Spot-the-Typo Training Is Dead

00:50:09 - Verification Culture and Email Authentication

00:54:32 - Common Questions: Legality, Detection, and Adoption

01:00:18 - Wrap Up: Stay Safe Out There


## Resources / Show Notes:


- Ollama, the easiest way to run open models locally: https://ollama.com


- Hugging Face, open repository of machine learning models: https://huggingface.co


- OpenCode, terminal coding agent that runs against local models: https://opencode.ai


- Evilginx, reverse-proxy phishing framework referenced in the demo: https://github.com/kgretzky/evilginx2


- SysAdmin Weekly Episode 024 - On-Prem AI with Ollama (Spotify): https://open.spotify.com/episode/1Huz7fy7axxOqjXei1HLI0


- SysAdmin Weekly - all show links in one place: https://www.sysadminweekly.com


- SysAdmin Weekly Newsletter: https://newsletter.sysadminweekly.com


- SysAdmin Weekly GitHub Discussions: https://github.com/ProjectRunspace/sysadmin-weekly/discussions


- Project Runspace: https://www.projectrunspace.org


- AndyOnTech: https://www.andyontech.com


Podden och tillhörande omslagsbild på den här sidan tillhör Andy Syrewicze and Eric Siron. Innehållet i podden är skapat av Andy Syrewicze and Eric Siron och inte av, eller tillsammans med, Poddtoppen.