BSidesCharm 2025 - Supercharge Your Workflow: Using WhiteRabbitNeo for AI-Powered Analysis

[Music]

Hello. Today I'm going I'm Bailey and today I'm going to be talking about supercharging your workflow by using White Rabbit Neo for AI powered analysis. So first a little bit about me. I'm a cyber security and political science student at Old Dominion in southeastern Virginia. I'm also a cyber security intern at Kindo uh which focuses on creating agentic security applications for enterprises. and I'm also a contributor to the White Rabbit Neo open source project which is why I will be talking about today which is sponsored by Kindo. So what is White Rabbit Neo? White Rabbit Neo is an uncensored open- source AI model specifically for DevSec Ops. What is an a uncensored AI model? So AI models like chat GBT or

Gemini are censored which means that they don't have um which means that they are instructed to not respond to certain user queries. So if you ask it to write DOS attack for you'll tell you no and call you a criminal. Um and so this makes the models unusable for cyber security applications because despite the ethical nature of cyber security those hacking related questions are heavily censored. So you either have to just the only real way is to jailbreak and just trick it into answering which eats up a lot of valuable time. In contrast, White Rabbit Neo is uncensored which means it can answer any hacking related questions without you having to trick it. So White Rabbit Neo is train

so I'll go into a little bit about the training of White Rabbit Neo. We try to release a new model set roughly every quarter. Um and when the training process starts the team first finds which large language model is currently scoring the best on coding and software engineering evaluations. So in the past this has me meant that our foundational model has been llama, llama 3.1, deepseek and quen and these lms also have licenses that allow us to use them as our foundational model. Our engineers then go in and remove the guardrails that restrain the AI models from answering those questions and making it uncensored. Next, we add in our own proprietary data and um this data focuses on red teaming and

offensive cyber security applications. This model is also code first which means is instructed to respond with code whenever that's applicable. So this focus on software engineering makes White Rabbit Neo great at detecting vulnerabilities in code, writing code segments and exploits and also teaching students about coding. And the final thing I want to say on this slide is that White Rabbit Neo promotes human in the loop AI usage which that means that humans validate AI responses to ensure that they're in um line with whatever your company objectives are rather than trying to fully automate the process. So this um ensures accountability and just helps um lighten the workload of security professionals rather than working to fully replace them. So it's

just giving them a chance to get ahead on their workloads. So why is white rabbit neo important? So white attackers have already begun using AI tools both those found commercially like chatbt and ones on the dark web to conduct cyber attacks. And so to effectively counter a rise in AIdriven cyber attacks, both red and blue teams need to be familiar with and use AI tools to avoid falling behind on attacks um which leaves systems at risk of exploitation. So we'll talk a little bit about how white rabbinio helps to reduce TDM by conducting time inensive research and analysis for security professionals to allow them to get ahead on issues and um work proactively rather than

reactively. White Rabinio, like I said, is also a great teaching tool and mentor for beginning security professionals. So, we'll spend some time here looking at how AI is revolutionizing the learning landscape and how you can optimize your experiences with AI. First, I'm going to we're going to look at a example of secure code analysis using White Rabbit Neo. Um, so through Kindo, you can use White Rabbit Neo in your IDE. You can also use it directly in the chat interface on app.wight rabbitneo.com for free. Um, this version is just a little prettier for screenshots. Um, but so you can use it to ask, hey, here's my code. What vulnerabilities exist in it? And then it will explain the different

vulnerabilities. So you're actually understanding what it's pointing out, not just saying, hey, here's the code you need to write instead. So, it'll explain these different issues and then it will go in and give you the code that it suggests that you apply and you can choose to reject or deny it on a case- by case basis. And then you can also ask it more questions about why it's suggesting certain things within the chat as well. Normally, this would be a more live demo, but my computer is very slow in here, so we're just going to stick with a screenshot. So now AI is a teaching methodology. So artificial intelligence is often portrayed as dumbing things down. But I

believe that AI has the potential to be a new teaching methodology. So much like when you're in school and you are you have different ways you can learn whether that's in lecture or homework or exams or some other practice problems. White rabbit and other LLMs are another time to learn whether that's about new cyber security concepts or something else. So, one great application is by asking it questions and take letting it take you down different rabbit holes um as you solve a problem to it teaches you as you go along rather than just blindly accepting what it's saying is true. So, this is an example of it'll load a rabbit hole that I followed while

preparing questions for a different talk. And so in this example, I'm showing um I'm asking it to how to reverse Python bite code without using disc um because my computer just was not cooperating with that command. And um so as you can see I've just asked get how to reverse Python bite code without using disc. I'll zoom in a little bit. So the first response from White Rabio discusses using this which it just shows that sometimes you have to ask an AI multiple times before you can actually get the answer you're looking for. So it's a lot of just trial and error and different prompting strategies as well. I then asked it to suggest some

alternate tools which it then did and it told me to install them using PIP. And so for a demonstration on how you can follow different rabbit holes down I asked it to explain what PIP is. I'll let it get caught up real

quick. Does it not want to get caught up? Guess not. Um, and so there we go. Of

course, then I'm asking it what is pip and it tells you, you know, pip is a uh package management system used to install and manage software um packages written in Python. But then when you try to use pip directly from the command line, it tells you you get an error saying that the command isn't found because you have to use pip within a virtual environment. So to highlight how a student would tackle this, I then asked it how to initiate a virtual environment. And so, White Rabbit Neo not only um tells you how to initiate the virtual environment and walks you through the different commands, but it also uh explains what those commands do. So,

you're actually learning and reinforcing it in your brain rather than just copy and pasting into your command line. And now you can see I've just asked it how to initiate virtual environment.

Then you can see it teaches you how to use the what the different commands mean when you're initiating an environment and also a little bit about virtual environments themselves. So another example of using white rabinio to learn is using it to explain different complex topics. So in this example I've asked white rabinio to explain binary exploitation at a nth grade reading level since that is the average reading level for an adult in the United States. And that's true. I'm not making fun of the American education system. Um, and so while binary exploitation is a pretty complex topic, White Rabbit Neo did a good job of distilling the basics to the level level I asked it to. And in

its response, I read that an attacker identifies a vulnerability in a program or system and then uses it to launch an attack. And they can do this by crafting malicious input or by exploiting the vulnerability in a way that allows them to execute arbitrary code. So then I followed up with White Rabbit Neo and I asked it how can attackers inject malicious code into binary files. So White Rabbit Neo gave me several different suggestions on how I can do this and explain each one of them as well. So then if I was interested in learning more say about how a buffer overflow attack works, I could then ask a follow-up question on that. So now I want to highlight an example of

using white rabbit neo in an agentic framework to um analyze logs and suggest remediations.

So there's a couple of API requests that start off at the beginning of this workflow and each of them sends API requests to different websites. So this one uh requests I believe it sends to the national vulnerability database and then the next one to the next one receives the logs that you would like for white raven to analyze and then finally this API request I believe uses vone check as a backup for the NVD. So next it sort you next there's a step that asks it to sort the vulnerabilities by se severity. So from the outputed CVEes it'll filter all vulnerabilities that report CVEEs that require only Sonic Wall components since that's what we're looking at in the logs

and allow for privilege privilege escalation remote code execution or some other means used to create an admin account. So just looking for vulnerabilities in the data that we collected from our Sonic Wall to allow for privilege ex escalation. Finally, it'll ask it to conduct a red teaming penetration test and you can see the prompt here for that. So, I won't actually run this one here, but I do have just a one that's been ran in the past. So, you can see the different API requests that have gone out. And then you can see that it's filtered the vulnerabilities by severity to show which specific uh NVD or CVE should be used um to craft the exploit

for Sonic Wall. And then finally, it will conduct the red team penetration test. So it'll write up a short summary and then give you the code which you can then run. Obviously I will not do run it myself here. Um to actually go in and utilize this vulnerability to create an admin account.

So, I hope these examples gave you a bit of an idea on how you can use white rabbit neo and AI in general to my slides. Come back up. I guess not. Um, you can just see what I see. So I hope this gave you a good good starting point how you can use white rabbit neo and AI models in general in your cyber security practices and thank you for

attending. I do have rabbit enamel pins and stickers up here if anyone wants them if they're but I'm happy to take questions first as well. Yes, you get this right by I don't see why not. I was able to do it

through I got to do it and thence it at once you've broken it, you know. But I mean like and don't do that. I was just curious like if I could um I didn't walk into the pres later but but I was like okay but I spent 15 minutes just fighting it. Yeah phrasing in a very specific way. You know I'm a security researcher good and so I look at this and I go yeah. So yeah, I like I said I have not tried that specific example and I encourage you all to use white revenue and ethical applications. Um but um I don't see why it wouldn't. Yeah. Yes. If I recall correctly, several of

the models obviously use censorship tools to go ahead and keep people from going in various areas that they're concerned about. Um, but it seems that some of them have also used the censorship to to try to step on things that they know the particular models aren't particularly good at or that they they just kind of crap answers for. Um, so when you remove that, is there any way to protect you from the notion where you just wandered into something that this particular model is bad at answering other than just kind of experimenting and seeing what works? Um, experimenting. So in our evaluation process, we do try like a ton of different use cases and trying to

identify any weaknesses so that we can strengthen those before we like release the model. Um but obviously anything that an AI puts out you should verify before you're pushing it straight into your production. So I think you had one next. Yeah, I download myself and also is there API available I can use? So there is not a free API available but there you can either use it on uh if you go to white rabbitneo.com it'll direct you to the login for the to create a free account for using in the chat and then are you familiar with uh hugging face so it's like GitHub for AI models so you can use it if you have a large uh large enough

computer we have a bunch of different models on there um on our hugging face there's also a link to the discord server which I run so if you have any questions or need help with um setting them up. I'm happy to help. Yep. Uh yes, I can give them to you after. I just have to pull them up. What languages, programming languages have you seen it perform? I've seen it use everything back to Cobalt. So obviously I've not tried every coding language in existence but I haven't heard of it doing particularly poorly with any language but other models.

Um so if you're just using it as the model itself it's liable to hallucination. One way that you can ground against that is by using some sort of rag with it. Um, so that's like giving it a document library to pull from and base its answers off of so that's just not making things up based off of its pre-trained data. Does that make sense? Yes.

Sure.

Any more questions? All right. Well, thank you and you guys can enjoy lunch. [Music]