COURSE IS SELF-PACED, AVAILABLE ON DEMAND
DURATION: 18 hours
CPE POINTS: On completion, you get a certificate granting you 18 CPE points.
Can you Vibe Code your way through building an Army of Automatic Pentesting AI Agents? How much can Automatic GenAI Agents really do? Can AI do some part or most of your job while you sleep? Will AI take over your job, or some parts in the near future? What do you need to do to stay ahead?
Use LLMs to become a 10X Pentester while having fun in the process.
A continuation of our previous course, focused exclusively on the exciting aspect of Automatic GenAI Agents. Take this course to stay ahead.
Who is this course for?
- Junior‑Mid Pentesters looking to build their own arsenal of tools and automation.
- Experienced Pentesters exploring areas outside their core competencies.
- Professionals interested in automation.
Why take it NOW?
Agentic AI gives us levels of freedom not possible before — AI that can Pentest while you sleep in, sip a margarita or go for a walk. Capabilities keep getting better and tokens cheaper. Stay on top of the latest models, jailbreaks, prompts and techniques.
Why this course?
Agents are coming. Take control of building your own agents, or agents will control you.
Gain a deep understanding of how to build agentic workflows, integrations and tools through this hands‑on course — automating and speeding parts of your Pentest engagements.
Course benefits:
What will you learn?
- Methodology for LLM jailbreaks.
- Advanced prompting techniques.
- Build agents using leading frameworks such as CrewAI, AutoGen and MCP.
- Best tooling for different types of Pentesting.
- Ethics considerations.
What tools will you use?
- OpenAI APIs
- Other LLM APIs
- Python
- Kali Linux
- Multiple open‑source offensive‑security tools
What skills will you gain?
- Build automatic AI agents.
- Better understanding of tooling for reconnaissance, phishing, web, AD and cloud security Pentesting.
- Ethics considerations.
Course general information:
Course format:
- Self‑paced
- Pre‑recorded
- Accessible even after you finish the course
- No preset deadlines
- Materials are video, labs and text
- All videos captioned
What will you need?
- OpenAI API key
- Kali Linux VM
- VS Code
What should you know before you join?
- Familiarity with Python programming language.
- Familiarity with the Pentest process.
YOUR INSTRUCTOR: ROBERT THOMAS
Robert Thomas is a Cyber‑Security professional working for one of the largest financial institutions in Europe. A long‑time systems engineer, network engineer and software developer with 15 years of experience. He has worked for Cisco, telecom ISPs, cloud providers, high‑frequency‑trading firms and financial banks. Robert has a broad range of knowledge and expertise, and is an avid ChatGPT and LLM user, generating new tools on the offensive and defensive side using LLMs.
COURSE SYLLABUS
Module 0
Before the course
A preview of what agents can do.
Module 1
Introduction: GenAI Agents — The Foundation
GenAI agents behave very differently from traditional predictable code automation. For the new writer it might require some reframing to get used to.
We look into the foundational concepts needed to build successful GenAI‑agent systems — how to strike the right balance of unpredictability, tool integration, memory and creativity.
Covered topics
- High‑level design of an AI agent.
- Call‑flow structure of an AI agent.
- Review of major agentic AI frameworks (CrewAI, AutoGen).
- Feature review of CrewAI.
- Ethics considerations.
Exercises
MISSING
Module 2
Agent01 — Ghost Recon (Reconnaissance)
Our first agent for this course, Ghost Recon focuses on reconnaissance and discovery phases. It takes an external view on a target and produces a list of entry points to the organization: sites, sub‑domains, key personnel, email addresses, exposed endpoints. It generates a threat model and performs attack‑surface reconnaissance on a target for additional entry points. It also serves as inspiration for other variations focusing on internal or bug‑bounty reconnaissance.
Covered topics
- Building AI agents.
- Tool integration such as web scraping, search, OSINT, GitHub, LinkedIn, DNS, email enumeration, Google Dorks.
Exercises
Rebels — Poisoned Intern
You build a recon agent that gains access to an intern’s credential and wreaks havoc performing internal reconnaissance using simple‑to‑guess and previously compromised credentials.
Module 3
Agent02 — The Phisher (Social Engineering)
We build an agent for your phishing needs. Phishing is still one of the main ways into organizations. LLMs are very good at creating context‑specific content and are expected to greatly alter the way phishing is conducted in the next few years. This agent takes traditional phishing tooling and infrastructure and adds automation to create new campaigns based on custom content for specific targets. The uses for this agent in Pentest and Red‑Team engagements are many.
Covered topics
- Building AI agents.
- Process of social‑engineering phishing.
- Tool integration such as: The Phish, reporting, email infrastructure.
Exercises
Rebels — The Forger
You build an agent to explore the possibilities of forging documents such as receipts or bills of lading with the help of LLMs — invoices or other artefacts that can be used as part of engagements.
Module 4
Agent03 — The Web Punisher (Web Pentesting)
We build an automatic web‑discovery, vulnerability and fuzzer agent that attempts to find holes in vulnerable websites through a combination of smart enumeration and brute force. Fuzzing and DAST tools are not new, but what happens if we combine them with planning, threat modelling and source‑code evaluation capabilities? This agent attempts to mimic as much as possible a web Pentest if you had unlimited scale, time and energy drinks. The non‑linear operation of GenAI agents is great at discovering flaws on websites.
Covered topics
- Building AI agents.
- Process of web Pentesting.
- Tool integration such as: version detection, vulnerability scanning, enumeration, ZAP, OWASP Top 10.
Exercises
Rebels — The Scraper
You build a simple agent to automate and identify “Sensitive Data Exposure” for a bug‑bounty programme.
Module 5
Agent04 — The Breacher (AD Pentesting)
We build an automatic agent to take on Active Directory. Most Pentest engagements break at the Active Directory level. We apply new tools to the old topic of Pentesting AD. Can we automate the process of breaching AD through a series of tools and agents so we can move on to more interesting things?
Covered topics
- Building AI agents.
- Process of Active Directory Pentesting.
- Tool integration such as: BloodHound, ldapsearch, adrecon, nmap, kerbrute, CrackMapExec.
Exercises
Rebels — The Knock‑out
Build an AI agent that tries previously exposed passwords and some likely variations. Someone must be re‑using them, right?
Module 6
Agent05 — Toxic Cloud (Cloud Pentesting)
We build an automatic agent to take on AWS‑cloud misconfigurations. The cloud can be safe when configured correctly; however, most environments suffer from misconfigurations. Can our agent navigate through a cloud environment, find misconfigurations and exploit them automatically — all while you are sipping margaritas?
Covered topics
- Building AI agents.
- Process of AWS‑cloud Pentesting.
- Tool integration such as: ScoutSuite, Pacu, S3Recon, S3Scanner, CloudFox.
Exercises
Rebels — CyberHog
You build an agent that escalates privilege by harvesting cloud credentials — applying knowledge gained throughout the course for your final assignment.
Final exam
40 questions.
OpenAI API, agent design, agentic‑AI concepts, general concepts on CrewAI, debugging GenAI agents.
QUESTIONS?
If you have any questions, please contact our e‑Learning Manager at [email protected].
Course Reviews
No Reviews found for this course.
