Penetration Testing for LLMs

Focused View

Christopher Nett

3:11:00

0 View

1. Introduction

1. Introduction.mp4

00:52

Files.zip

2. Basics - Generative AI

1. What is Generative AI (GenAI).mp4

01:31

2. What is a Large Language Model (LLM).mp4

02:39

3. What is a Prompt.mp4

03:41

4. AI Models.mp4

01:20

5. LLM Architecture.mp4

02:39

6. How Adversaries Leverage AI.mp4

03:33

7. Microsoft Responsible AI.mp4

02:56

8. Shared Responsibility in AI.mp4

04:02

3. Penetration Testing

1. What is Penetration Testing.mp4

02:19

2. Penetration Testing in Cyber Security.mp4

02:33

3. Red Teaming vs. Penetration Testing.mp4

04:23

4. The Importance of Penetration Testing for GenAI.mp4

01:22

5. Threat Vectors for GenAI.mp4

03:48

4. The Penetration Testing Process for GenAI

1. Overview.mp4

01:11

2. Planning and Preparation.mp4

01:57

3. Reconnaissance.mp4

01:33

4. Scanning & Enumeration.mp4

00:48

5.1 PyRIT.html

5. Vulnerability Assessment.mp4

01:54

6. Exploitation.mp4

01:02

7. Post Exploitation.mp4

01:57

8. Reporting.mp4

01:21

9. Remediation & Lessons Learned.mp4

01:30

5. MITRE ATT&CK

1.1 ATT&CK.html

1. What is ATT&CK.mp4

01:58

2. Mapping ATT&CK to the Pyramid of Pain.mp4

02:20

3. Matrices.mp4

01:33

4. Tactics.mp4

04:58

5. Techniques.mp4

03:13

6. Subtechniques.mp4

04:14

7. Tactics, Techniques & Subtechniques.mp4

01:14

8. Data Sources.mp4

01:19

9. Detections.mp4

01:26

10. Mitigations.mp4

02:14

11. Groups.mp4

02:40

12. Software.mp4

01:36

13. Campaigns.mp4

03:20

14. Relations.mp4

01:57

15.1 ATT&CK.html

15. Demo ATT&CK Enterprise Matrix.mp4

14:42

6. MITRE ATLAS

1.1 ATLAS.html

1. What is MITRE ATLAS.mp4

00:44

2. Tactics.mp4

01:16

3. Techniques.mp4

01:44

4. Subtechniques.mp4

01:08

5. Tactics, Techniques, Subtechniques.mp4

00:37

6. Mitigations.mp4

01:53

7. Case Studies.mp4

01:32

8. Case Study I Microsoft Azure Service Disruption.mp4

01:20

9. Case Study II PoisonGPT.mp4

01:12

10. Case Study III ChatGPT Plugin Privacy Leak.mp4

01:22

11.1 ATLAS.html

11. Demo ATLAS Matrix.mp4

02:35

7. OWASP Top 10 for LLMs

1. What is OWASP.mp4

01:13

2. OWASP Top 10 - LLM Security Risks.mp4

05:48

8. Attacks and Countermeasures for GenAI

1. Prompt Injection.mp4

03:30

2. Insecure Output Handling.mp4

02:28

3. Training Data Poisoning.mp4

03:08

4. Model Denial-of-Service.mp4

03:27

5. Supply Chain Vulnerabilities.mp4

02:28

6. Sensitive Information Disclosure.mp4

04:18

7. Insecure Plugin Design.mp4

02:29

8. Excessive Agency.mp4

02:10

9. Overreliance.mp4

03:08

10. Model Theft.mp4

01:29

9. Case Study I Exploit a LLM

1.1 Portswigger.html

1. Demo Lab Setup.mp4

01:18

2.1 Indirect Prompt Injection.html

2. Demo Prompt Injection.mp4

14:34

3.1 Insecure Output Handling.html

3. Demo Insecure Output Handling.mp4

11:40

4.1 Vulnerabilities in LLM APIs.html

4. Demo Supply Chain Vulnerabilities.mp4

08:32

5.1 Excessive Agency.html

5. Demo Excessive Agency.mp4

03:24

10. Bonus

1.1 christophernett.com.html

1. Bonus.mp4

00:58

Description

Learn Penetration Testing for LLMs and Generative AI

What You'll Learn?

Gain foundational knowledge about Generative AI technologies and their applications.
Understand the core concepts and methodologies involved in penetration testing for Large Language Models (LLMs).
Learn the step-by-step process of conducting penetration tests specifically tailored for Generative AI systems.
Study the MITRE ATT&CK framework and its application in Red Teaming.
Explore the MITRE ATLAS framework for assessing AI and ML security.
Review the top 10 vulnerabilities for Large Language Models identified by OWASP.
Learn about common attacks on Generative AI systems and how to defend against them.
Dive into a practical case study on exploiting vulnerabilities in a Large Language Model.

Who is this for?

SOC Analyst

Security Engineer

Security Consultant

Security Architect

CISO

Red Team

Blue Team

Cybersecurity Professional

Ethical Hacker

Penetration Tester

Incident Handler

IT Architect

Cloud Architect

What You Need to Know?

Basic IT Knowledge

Willingness to learn cool stuff!

More details

Description
Penetration Testing for LLMs is a meticulously structured Udemy course aimed at IT professionals seeking to master Penetration Testing for LLMs for Cyber Security purposes. This course systematically walks you through the initial basics to advanced concepts with applied case studies.
You will gain a deep understanding of the principles and practices necessary for effective Penetration Testing for LLMs. The course combines theoretical knowledge with practical insights to ensure comprehensive learning. By the end of the course, you'll be equipped with the skills to implement and conduct Penetration Testing for LLMs in your enterprise.
Key Benefits for you:
GenAI Basics: Gain foundational knowledge about Generative AI technologies and their applications.
Penetration Testing: Understand the core concepts and methodologies involved in penetration testing for Large Language Models (LLMs).
The Penetration Testing Process for GenAI: Learn the step-by-step process of conducting penetration tests specifically tailored for Generative AI systems.
MITRE ATT&CK: Study the MITRE ATT&CK framework and its application in Red Teaming.
MITRE ATLAS: Explore the MITRE ATLAS framework for assessing AI and ML security.
OWASP Top 10 LLMs: Review the top 10 vulnerabilities for Large Language Models identified by OWASP.
Attacks and Countermeasures for GenAI: Learn about common attacks on Generative AI systems and how to defend against them.
Case Study I: Exploit a LLM: Dive into a practical case study on exploiting vulnerabilities in a Large Language Model.

Who this course is for:
SOC Analyst
Security Engineer
Security Consultant
Security Architect
Security Architect
CISO
Red Team
Blue Team
Cybersecurity Professional
Ethical Hacker
Penetration Tester
Incident Handler
IT Architect
Cloud Architect

User Reviews

Rating

average 0

Total votes0

Focused display

Penetration Testing

Christopher Nett

Instructor's Courses

Christopher is security cloud solutions architect at Microsoft.Christopher has over 9 years of experience in cyber security, where he has advised some of the largest enterprises in the world on multi-million dollar projects.Education:★ MSc. Applied IT Security★ MBA★ BSc. Computer Science for BusinessCertifications:★ CISSP : Certified Information Systems Security Professional★ CCSP: Certified Cloud Security Professional★ CEH : Certified Ethical Hacker★ AZ-104: Azure Administrator Associate★ AZ-500: Azure Security Engineer Associate★ AZ-700: Azure Network Engineer Associate★ SC-100: Cybersecurity Architect Expert★ SC-200: Security Operations Analyst Associate★ SC-300: Identity and Access Administrator Associate★ KCNA: Kubernetes and Cloud Native Associate★ CKAD: Certified Kubernetes Application Developer★ CKA: Certified Kubernetes Administrator★ ATT&CK® Security Operations Center Assessment Certification★ ATT&CK Purple Teaming Methodology Certification★ ATT&CK® Adversary Emulation Methodology Certification★ ATT&CK® Cyber Threat Intelligence Certification★ HashiCorp Certified: Terraform Associate (002)★ Professional Scrum Master I★ Professional Scrum Product Owner I★ AWS Certified Security – Specialty★ AWS Certified Solutions Architect – Associate★ CCSK - Certificate of Cloud Security Knowledge

Udemy

View courses Udemy

Students take courses primarily to improve job-related skills.Some courses generate credit toward technical certification. Udemy has made a special effort to attract corporate trainers seeking to create coursework for employees of their company.