COURSE IS SELF-PACED, AVAILABLE ON DEMAND
DURATION: 18 hours
CPE POINTS: On completion, you get a certificate granting you 18 CPE points.
The course starts on the 2nd of September.
AI is all over the news. Politicians are concerned about its potential for Hacking, Phishing and Malware. Is it true? Microsoft has found APTs using ChatGPT already. How good is it? As a Pentester, what are you missing out on? Might AI take over your job? Take this course to stay ahead.
Who is this course for?
Junior to mid-level pentesters looking to build their own arsenal of tools and automation.
Experienced pentesters exploring areas outside their core competencies.
Why take it NOW?
The time to leverage LLMs, API and other models is now. Stay on top of the latest models, jailbreaks, prompts and techniques.
Why this course?
A broad, in-depth, hands-on course on the best cases we have found so far for ChatGPT to sharpen your skills and tools as a Pentester.
Course benefits:
What will you learn about?
- Methodology for ChatGPT JailBreaks.
- Advanced Prompting Techniques.
- Other Pentest Focused LLMs.
What tools will you use?
- ChatGPT
- OpenAI APIs
- Python
- Kali Linux
- White Rabbit
What skills will you gain?
- Automate Boring Report Generation with ChatGPT.
- Interact with ChatGPT via APIs for advanced automation.
- Convince ChatGPT to Write Malware for you.
- Write Pentesting Tools with the aid of ChatGPT.
- Integrate ChatGPT with your Kali Command Line.
Course general information:
Course format:
- Self-paced
- Pre-recorded
- Accessible even after you finish the course
- No preset deadlines
- Materials are video, labs, and text
- All videos captioned
What will you need?
- OpenAI API Key
- Kali Linux VM
- VSCode
What should you know before you join?
- Familiarity with Python Programming Language.
- Familiarity with the Pentest Process.
YOUR INSTRUCTOR: ROBERT THOMAS
Robert Thomas is a Cyber Security Architect working for one of the largest financial institutions in Europe. A long time Systems Engineer, Network Engineer and Software Developer with 15 years of experience. Worked previously for CISCO, Telecom ISPs, Cloud Providers, High Frequency Trading Firms, and Financial Banks. Robert has a broad range of knowledge and expertise. An avid ChatGPT and LLM user to generate new tools on the Offensive and Defensive side using LLMs.
COURSE SYLLABUS
Module 1
Introduction - The Dark Side of LLMs
LLMs are taking over the world. There's a lot of fear and hype around the future of these technologies. OpenAI has claimed to put a lot of effort into putting up guard rails and AI Safety. But does it work? According to Microsoft, APTs are already using ChatGPT. You will learn a few frameworks to bypass safety features of LLMs.
Covered topics
- The state of Research on LLMs for Offensive Security.
- Pentesting Ethics - In the LLM World.
- ChatGPT - Strategies for Jailbreaks. Make it do “Forbidden” things.
- ChatGPT - Under the Hood - The power of the API.
Exercises
Into the Matrix
Connect to OpenAPI APIs via Python.
These exercises will put you on your way to use ChatGPT as a tool to build additional tools for your pentest arsenal.
BreakFree (optional)
Write your own JailBreak prompt.
As new models are released, older Jailbreak prompts might stop working. You will learn an approach to hopefully bypass future Guard Rails introduced.
Module 2
ChatGPT for Writing Offensive Tools
An area where LLMs excel is at writing code and tools. Some pentesters get their work done by using other people’s tools or frameworks and write little tools of their own. Other pentesters write a lot of custom tools or customize other people's tools. While pentesting is not software development, LLMs bring new capabilities to customize your toolset to suit your needs. LLMs lower the bar and cost to write and maintain your own tools, scripts or modification to other tools. The benefit of your own custom tools is they are not fingerprints and are more effective against a wide range of detection. Some tools are offensive, some tools automate the boring work.
Covered topics
- Automate the Boring Stuff with LLMs - Pentesting Reports.
- ChatGPT - High Quality Phishing - Smishing and Fake Documents.
- ChatGPT - Create a Custom Simple Scanner
- ChatGPT - Your own Vulnerability Scanner
- ChatGPT - Write Bug Bounty PoC Script
Exercises
IseeYou
Write your own hybrid Passive - Active Scanner that is highly stealthy.
Reporting is no friend
Write your own Python script (with the help of ChatGPT) to Generate Management Reports out of Nuclei reports, with a nice explanation generated by ChatGPT.
Module 3
ChatGPT as a Pentest Copilot
In 2024 research, ChatGPT4 outperformed 88% of Pentesters while playing CTF. Is ChatGPT ready to take over your job? In the same research it was found the “Human in the Loop” approach ranked higher than traditional Pentesters or GPT4 alone.
In this module, you will learn the capabilities, advances and techniques to use ChatGPT as a Pentest Copilot.
Covered topics
- ChatGPT - Taking the lead on a CTF
- ChatGPT vs WhiteRabbit
- ChatGPT - Directly on your Kali CLI
Exercises
Destroy the Robot Factory
You will assist ChatGPT on a CTF Machine, to see if working together as a team can claim the loot and the glory, before machines turn over on us.
Module 4
ChatGPT for Malware
ChatGPT is great for writing code. Malware is just code that someone deemed too dangerous. Can ChatGPT Write Malware? How good? Can you use the generative, and creative ways of LLMs to write “less fingerprinted” malware tools for your engagements? Advanced Malware is limited by cost and R&D. LLMs change the equation of cost, making it a new field.
This module serves as an introduction to malware writing. It provides a framework and some techniques and perspectives that might be useful to viewers.
Covered topics
- ChatGPT - Write Malicious Code - Macros and LNK Files.
- ChatGPT - With your own simple C&C in Python.
- ChatGPT - Evasive Fancy Polymorphic Python.
Exercises
U-Click-I-Win
Write a stage 0 loader, with the help of ChatGPT, and use variations to get new fingerprints every time.
Final exam
Jailbreak, Prompt Techniques, OpenAI APIs. RolePlaying. Ethical Considerations. Approaches to Polymorphism.
QUESTIONS?
If you have any questions, please contact our eLearning Manager at [email protected].
Reviews
There are no reviews yet.