What You Will Learn
Today's threat landscape is no longer comprised of traditional threats. AI-driven attacks have become a reality, and they have shattered the barrier to entry that was keeping so many unsophisticated threat actors at bay. Staying one step ahead of these AI-fueled adversaries hinges on your ability to adopt their tools, tactics, and techniques before they exploit those capabilities against your organization.
SEC535 equips you with practical offensive AI strategies, including bypassing security guardrails, automating reconnaissance, and delivering AI-driven malware. Through immersive labs, you'll apply real-world TTPs like deepfake phishing and automated vulnerability discovery to simulate advanced attacks. The course culminates in a dynamic CTF, where you'll leverage AI-powered tools and tactics to assess and enhance your organization's defenses. By adopting the attacker’s mindset and mastering cutting-edge techniques, you’ll stay ahead of evolving threats and fortify your security posture.
Business Takeaways
- Leverage AI-driven methodologies to enhance Open-Source Intelligence (OSINT) collection
- Accelerate exploit development workflows by integrating AI capabilities
- Strategically incorporate deepfake technologies into advanced social engineering tactics
- Develop and deploy custom malware tailored to specific organizational goals
- Enhance penetration testing operations using AI tools like ChatGPT for greater efficiency and insight
- Design and execute precision-targeted social engineering campaigns powered by AI
You Will Be Able To
- Build Custom AI Assistants and GPTs
- Bypass LLM Security Guardrails
- Gather and Process OSINT Using AI
- Develop AI-Powered Phishing, Vishing, and Video Content
- Develop Custom Malware with AI
- Employ Custom AI Penetration Testing Assistants
What You Will Receive
- Unlimited access to all hands-on lab exercises that never expires
- Printed and electronic course books and a hands-on workbook
- MP3 audio files of the entire course
- Detailed video walkthroughs for all lab exercises
- Visual association maps to break down complex material
- A digital index for quick reference to all material
- Bonus content and hands-on exercises to develop your skills beyond the course
- Essential cheat sheets for tools and complex analysis tasks
Syllabus (24 CPEs)
SEC535.1: Introduction to Offensive AI, Reconnaissance, and Bypassing Security Guardrails
Overview
In this first section of SEC535 we will focus on the fundamentals of AI. We start with an introduction to AI infrastructure, and building custom GPTs and Assistants, before quickly diving into conducting reconnaissance. During this phase, you will be introduced to a custom-built penetration testing assistant, and use it to perform network enumeration, as well as a number of DNS attacks.
Exercises
- Building Custom GPTs
- Building Custom Assistants
- Bypassing Ethical Guardrails on LLMs
- OSINT for Penetration Testing
- Network Enumeration
Topics
Introduction to AI
- Training Concepts
- Machine Learning
- Supervised, Unsupervised, and Reinforcement Learning
- Neural Networks
Introduction to Penetration Testing
- Types of Pentesting
- Approaches to Pentesting
- Cyber Attack Frameworks
Customizing AI Models
- Introduction to ChatGPT
- Customizing GPTs
- GPT Store
- Introduction to Hugging Face
- Building Custom Assistants
- Assistant Store
Bypassing Security Guardrails
- Adversarial AI
- Many and Few Shot Bypasses
- Role Playing
- Fear
- Ranti and Devmode
- Morality
- Circumlocution
- Contextual
Gathering Open-Source Intelligence using AI
- Identifying Key Targets
- Using the Intelligence Cycle
- Active vs Passive OSINT
- What are Google Dorks, and Dorking with AI
- Using Spiderfoot for Reconnaissance
- Integrating Nmap with an AI Assistant
SEC535.2: Social Engineering Attacks
Overview
One of the biggest ways that AI is revolutionizing penetration testing is in the realm of social engineering. In recent years we have seen an explosion of deepfake content, as well as growth in the sophistication of phishing campaigns. In this section we’ll explore the art of developing convincing phishing content, as well as how to supplement it with both audio and video deepfake content.
Exercises
- Using Offensive tools for Phishing
- Building Phishing Emails with AI
- Developing Audio Deepfakes
- Developing Video and Image Deepfakes
Topics
Introduction to Social Engineering
- Social Engineering Attack Surface
- Psychology of Social Engineering
- The Role of Social Engineering in Penetration Testing
- Phishing
- Vishing
- Other Forms of Social Engineering
Social Engineering Tools
- Social Engineering Toolkit (SET)
- Mass Mailer Attacks
- Website Attack Vectors
- GoPhish
- Groups
- Templates
- Attachment Tracking
- Landing Pages
- Sending Profiles
Creating AI-Powered Phishing Emails
- Hugging Face Assistants and Phishing
- Why Hugging Face is Preferred by Attackers
- Tips for Writing Prompts
- Why Limitations are Important
- Phishing GPT
- A warning about ChatGPT and Phishing
Audio Deepfakes
- Voice.ai
- Speech Concepts
- Components of Speech
- Types of Audio Deepfake Technology
- How Attackers leverage Audio Deepfakes
- Case Study: CEO Fraud
Visual Deepfakes
- Face Swapping
- Motion Transfer
- Image-to-Image Translation
- Lip Syncing and Audio Matching
- Case Study: Finance Workers
- HeyGen
- Deep Live Cam
SEC535.3: Vulnerability Discovery, Automation Attacks, and Malware Development
Overview
On the last day of this course, we will dive into vulnerability discovery and exploitation using AI. This will lead into an in-depth exploration of malware development, including how to create effective spyware using a variety of different AI models. The day will culminate in an immersive cyber range event, where all of the skills you have gained throughout the course will be tested.
Exercises
- Using AI for Vulnerability Exploitation and Discovery
- Writing Malware with AI
Topics
Introduction to Vulnerability Discovery and Exploitation
- Exploit Database
- Searchsploit
- Nessus
- Building scan templates and running scans with Nessus
- Generating Reports with Nessus
- The Metasploit Framework
- MSFconsole
- Meterpreter
- MSFvenom
Introduction to Malware
- Viruses
- Worms
- Rootkits
- Spyware
- Trojans
Malware Architecture
- Payloads
- Exploits
- Propagation Vectors
- Droppers and Downloaders
- Preventing Detection and Analysis
- Obfuscation Techniques
- Polymorphism
- Metamorphism
Creating Custom Malware with AI
- Obtaining Proof-of-Concept
- Quality of Life Features
- Adding Stealth Features
- Anomalous Behaviors from ChatGPT
- Safety Features
Laptop Requirements
Important! Bring your own system configured according to these instructions!
A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. Therefore, we strongly urge you to arrive with a system meeting all the requirements specified for the course.
It is critical that you back up your system before class. It is also strongly advised that you do not bring a system storing any sensitive data.
CPU
- 64-bit Intel i5/i7 2.0+ GHz processor
- CRITICAL NOTE: Apple Silicon devices cannot perform the necessary virtualization and therefore cannot be used for this course.
- Your system's processor must be a 64-bit Intel i5 or i7 2.0 GHz processor or higher. To verify on Windows 10 or 11, press Windows key + "I" to open Settings, then click "System", then "About". Your processor information will be listed near the bottom of the page. To verify on a Mac, click the Apple logo at the top left-hand corner of your display and then click "About this Mac".
BIOS
- Enabled "Intel-VT"
- Intel's VT (VT-x) hardware virtualization technology must be enabled in your system's BIOS or UEFI settings. You must be able to access your system's BIOS to enable this setting in order to complete lab exercises. If your BIOS is password-protected, you must have the password. This is absolutely required.
RAM
- 16 GB RAM is highly recommended for the best experience. To verify on Windows 10, press Windows key + "I" to open Settings, then click "System", then "About". Your RAM information will be toward the bottom of the page. To verify on a Mac, click the Apple logo at the top left-hand corner of your display and then click "About this Mac".
Hard Drive Free Space
- 100 GB of FREE space on the hard drive is critical to host the VMs and additional files we distribute. SSD drives are also highly recommended, as they allow virtual machines to run much faster than mechanical hard drives.
Operating System
- Your system must be running either the latest version of Windows 10, macOS 10.15.x or later, or a Linux distribution that can also install and run the VMware virtualization products described below.
Additional Software Requirements
VMware Player Install:
- Download and install VMware Workstation Pro 17+ (for Windows hosts), or VMware Fusion Pro 13+ (for macOS hosts) prior to class beginning. Workstation Pro and Fusion Pro are now available free for personal use from the VMware website. Licensed commercial subscriptions to these products can also be used.
- Other virtualization products, such as Hyper-V and VirtualBox, are not supported and will not work with the course material.
Your course media will now be delivered via download. The media files for class can be large, some in the 40 - 50 GB range. You need to allow plenty of time for the download to complete. Internet connections and speed vary greatly and are dependent on many different factors. Therefore, it is not possible to give an estimate of the length of time it will take to download your materials. Please start your course media downloads as soon as you get the link. You will need your course media immediately on the first day of class. Waiting until the night before the class starts to begin your download has a high probability of failure.
If you have additional questions about the laptop specifications, please contact customer service.
Author Statement
The cyberattack space is evolving, and so should the penetration testers. In this new era of AI-driven attacks, it's critical that cybersecurity professionals from both blue, red, and everything in between familiarize themselves with the tactics, techniques, and procedures of these new attackers. In SEC535: Offensive AI™ we will fully embrace the adversarial mindset as we dive into the dark psychological tricks of social engineering and evaluate how AI can be used to bolster them, as well as looking at automating reconnaissance techniques, using AI for exploit development and utilization, as well as the process of writing novel malware with AI. As a former SANS Institute MSISE program graduate, I am proud to return back to the SANS ecosystem to give back to an organization that gave so much to me. When I was a cybersecurity instructor previously, I had one simple motto: Knowledge is forged by action. This sentiment was embodied during my time at SANS, and I wanted to make sure I continued that legacy with this course by introducing a large number of labs, all culminating in a massive capture the flag event on the last day of class. I love this area of study, and I'm excited to share that passion and knowledge with all of you.