BSidesVienna 0x7E9

Hacking with AI, how to have some fun
11-22, 09:35–11:35 (Europe/Vienna), Workshop Room

A lot of companies are bragging about their "AI-enabled Security Testing Solutions", and a lot of them are not very good. Learn how you can build your own that is less bad, more fun and, best of all, understand what is actually possible at the moment and what most definitely is not (no matter what certain marketing departments claim).


In this workshop, we will go through the general notions of using LLMs for automation, with a focus on offensive security tasks.

Given current scientific evaluations and building from personal experience, we will walk through several techniques, starting from simple text completion and building up to a full multi-agent framework (including information on what will still not work with the current iterations of those).

In the end, the goal is to understand what something like this can be used for, how you can build it yourself and why we don't need to fear the Terminator coming just yet.

Please bring:
- Laptop with Python installed and an internet connection (venue has Wi-Fi)

Optional but good:
- Your own API key for an LLM provider (the recommendation is to use OpenRouter, especially since there are some free models available through it)
- A problem you want to apply the experiments to (the more difficult the problem, the less help I will be able to give you when something goes wrong, but you can directly apply your newfound skills)

Manuel is a pentester, programmer and researcher into how bad those darn AI systems actually are by now. He is also part of the KuK Hofhackerei and has made sure that everybody got to this year's DefCon and back home safely.
