
Hack To The Future: Using LLMs As Attacking Agent In Real Networks - Maria Rigaki & Sebastian Garcia

BSides Prague, 46:54, 513 views, published 2024-04
Category: Technical
Style: Talk

Transcript [en]

So, Hack to the Future: Using LLMs as Attacking Agents in Real Networks. Sebastian, Maria. Andra is not here and Haro is not here. So I'm Sebastian Garcia, working in the Czech Technical University here in Prague, less than 2 kilometers away, working in AI and machine learning for cyber security. And I'm Maria Rigaki, I'm a PhD student of Sebastian's and I work in offensive applications of machine learning in security, so how to make attacks better using machine learning, better attackers. And we are going to give this talk, but please feel free to interrupt and say "hey, I have a question", whatever, so don't wait until the end. It's up to you. Okay, so what are we doing here?

Well, the thing is that we have a lot of attackers and defenders and tools and everything going on super fine, but still attackers get into the networks. Different ways, we don't care: they got in, they steal data, they run somewhere, they do whatever. It still happens. And the people are there and they have tools and they monitor everything and they try to defend and they try their best, and then update, and then attack again and again and again. And this dynamic is not completely well known, especially in internal networks. It's not clear how they take decisions, where do they go, how long they wait, do they wait a year, what are they doing. So this dynamic is kind of still to be explored.

And this means that actually we have to do a lot of pentesting and red teaming and blue teaming. But what if you can do a continuous pentest in your organization, nonstop, 24/7, continually looking for things in a very smart way? So we kind of want to go there, and the questions are: well, can we actually have better defenders? Can we have a strategy to defend our network that is not just "get all the logs", like Dimitri was analyzing, and saying "okay, let me look at all these and see what's going on"? Can we do a little bit better? Can we plan ahead? Can we have a strategy? And can LLMs,

large language models (thank you very much Dimitri, where are you Dimitri, if you're here, for your theoretical explanation, we don't have to do that, we deleted like 10 slides after you), right, so can LLMs be used as planning agents? Can we say "plan the attack", "plan the defense"? And can we work together, we being humans and LLMs? So we don't know. So we started with creating a network security environment. This is an environment that creates a network like this; this is an example: servers, clients, routers, internet, command and control servers, in a simulation mode, in memory, so you can play and interact very, very, very fast. But then, in real life, it goes to Dockers, implements it, and then you can do this in real computers.

So this environment is very dynamic: you can add hosts and delete hosts and boot services or ports, whatever. You can have multi-agent, so this is, and it's going to be when we finish soon, the first multi-agent network security environment published, whatever, where actually you can have many agents simultaneously playing. And this is a real-time simulation, I will tell you later. And finally it's also multi-goal, so you can say "well, my goal is to extract this file and exfiltrate it", or "now my goal is to, I don't know, stop a service or start a service or power off", whatever you want. So this is the environment we have, and you are given a goal when you connect. This is like a game, imagine something like Quake: you connect with your client and you receive your goal, and the goal is something like this: "you are a pentester and your goal is to exfiltrate a private key to some IP address". This is textual, this is what the agents receive. We don't care if you're human, a bot, AI, hey, it's up to you, this is what we are giving you. So in the NetSecGame environment the starting position of each agent can be changed and it's randomized, so you never start in the same position, which means when you are playing the game you are in a network

and you don't know where you are, and you have to find out, right? And the goal is changing, and also the goal position is changing. So you have to exfiltrate a file; well, this file is going to be in different servers or computers along the way, so you have to train agents that are very generic here. Then we have the number of computers, and the IPs themselves and the networks are changing: different IPs, different networks, so you don't remember IPs and networks. You can do real-time play, which means this is not turn-based, my turn, your turn; this is like just send whatever action you want to do, and if you are faster your actions are going to be applied, and if another agent is faster than you, their actions are going to be. It's kind of a real-time game where you connect and you shoot first, let's say, right? So this is also kind of new in the area.

Now, we started with five actions, like scan the network, scan the host, exploit, find, exfiltrate. These actions are parameterized, so you have to say "well, scan what", "exfiltrate what, to where, from where", so there are many parameters. And we are planning more actions, but these ones are already enough to make it very complex, right? Then we have defenders as an agent. So the agents are moving around, but also we have the omnipresent defender. The defender is the SIEM, right, getting all the logs all the time, and it can block anybody at any moment. This is a probabilistic behavioral defender, which means there are some heuristics and then with some probability it is blocking some actions depending on what it is detecting. Then we have the change into the real world, so you can say "okay, stop simulating, you ran 100 million iterations, now go and play in Dockers". Okay, so let's see how it looks like and what are we looking at here. Let's play a game. So that's it. Can you see that? This is the TUI, the terminal user interface, of one of the agents. The

agent is an interactive agent, and this agent looks here, on the left, at the state of whatever you know. So you know three networks, you don't know any other host, and you are controlling two hosts: you are controlling the host that you started in, and then you are controlling some other host that is the command and control, that you have to have, because if you don't control something on the outside, well, where are you sending the data to? And that's it. And then you have here to pick actions. So the actions are something like scan network, scan services, exploit services, find data and exfiltrate data, and then you select networks and everything, right?

So let's play a game. We are playing here in a real network, real Dockers. What do you say, people, what should we play? Security researchers, attackers, allegedly botnet masters, maybe. So what are we doing? Exfiltration. So we can go and say "hey, exfiltration", and when you exfiltrate it's going to tell you: well, from where, and you can choose what you are exfiltrating, from what. The first one is what are you exfiltrating from, and what's your target in here, where are you sending the data. Sorry, you do this one, and the data, which data are you sending? Well, you have no data, so you cannot exfiltrate, because you don't know any data. So no exfiltration. What else do you want to do? Send everything, take my money. Sorry, sorry, what did you say? Scan network, very well. And now we pick an origin, because you can control many hosts, so you can scan from different ones. We're going to, I guess, scan from your host. And which network do you want to scan? What is local? Oh, the three of them are local. This is actually, let's say, the public one, because it's a Docker we wanted to run here, but let's consider this public. So the 172.28.0.1 one or the 1.1.0.1 one? Well, and you can guess here, because you are smart: well, if I own a computer in the .0.1 IP, maybe the .0.1

network is the network I want. So you go here, you take an action, this is happening behind the scenes in some Docker, and ta-da, you find more hosts. So now you know a host and say "okay, now which is the next action?" Scan services. Scan services, and where are we scanning from? .0.1. And what are you scanning? .0.2. And then you go, I like this, and you found the port. Congratulations, 22. This is real, real life. I like that. We are secretly analyzing how you are choosing, like we are taking notes in here. Ah, interesting. So now what are you doing? Another? Oh wait, wait, somebody said another one. Another one, another scan. Okay, okay. See, we don't have like straightforward answers, and now scan three. There's no one common strategy: other people go wide, other people go deep. Yeah, there you go, another SSH. So now, oh, they want to go exploit. Exploit what? Take that. Which one? Okay, wait, we have targets: three, and service: this one, right? And there you go. It's taking time because it's really doing a brute forcing of SSH here, with passwords, and it's like the whole deal. So there you go. That means that now the host that you had in "no host", you actually got access, you have a shell inside, so now it's part of your controlled hosts and you can do stuff, right?

So let me show you something more before we continue. Imagine that we do scan services, and I keep scanning the computer number two for some reason, right? I'm here and I take the action, and again and again and again and again, because you really want this computer. So there you go. Eventually you are going to be detected, because you are doing too many actions, too repetitive. There is kind of an algorithm there saying "yeah, no, this is not good". So as an attacker you need to be careful, you cannot just go and do everything. Okay, so this is human interaction, or a human doing and playing the game. So we did this with other humans, and these

humans actually were playing in a smaller environment than this one, only five computers, they knew the tech, and they didn't have any maximum amount of steps: just go and play. And these humans, they were eight human experts. Well, they won all the time, so they found the file and then exfiltrated. But the critical part is that they took on average 17.68 moves. So it's a lot of moves, it was not like "yeah, I go, boom, then they get the file and out". They were like exploring: I have no idea, you have five IPs, which one is the IP you want, who knows. So these are kind of one of the baseline results we were doing. So now we have an environment, we have something that humans can play, we have computers. Where are we going? So, what about LLMs?

I'm sure all of you know that the past year everyone is trying to put an LLM into something or make it do something, and of course, why shouldn't we? And the idea is to try and see if they can work in this environment as planning agents, and the short answer is yes, they can, mostly. But before going to why and how and what, I want to say that there are also some incentives in why we want to do this. It's not just trying out stuff and finding the limits of the LLMs and if they work or not; that's interesting and fun, but also they have some interesting properties. For example, if we use this environment with any typical machine learning or reinforcement learning, if you've heard of the algorithms, you train an agent and it works in the environment, and then if you go and change the architecture a little bit, put another router and put more computers, then this specific agent will probably not win, so you need to retrain it in the new architecture. This is something that the LLMs don't have a problem with. If the planning kind of works, they don't really care if you have five computers or six computers; they will give you actions to do and they don't need further training. They have been trained with a lot of knowledge, they have incorporated quite a lot of information, so they kind of know what to do without extra steps. The interesting part, and also Dimitri mentioned that, is that there's this direction of creating local models that are smaller, that are easier to use because they can be used on commodity hardware; you don't need to pay OpenAI and give money to them. So there is a tendency to create, for specific narrow tasks, trained and fine-tuned local models that may be useful for security, for different things that we may want to do. So let's go a little bit into the design, how the LLM works, the prompting

and how the whole structure is. We found at the beginning, we tried to put all the information in one big prompt, like "okay, this is the status, this is how the network looks like, this is what you can do, tell us what you want to do", and this was not working very well. So we ended up using an idea and an architecture called ReAct, which means you don't send just one question to the LLM, but you do it in stages. And the first stage is the reasoning, so first you give it information and you tell it: reason and think about what you can understand from this information. And the second step is: okay, now that you understood all this, take the best action. So it's called ReAct, from reasoning and acting. And this is how it looks like. So if you see here, the blue thing is the environment that Sebastian was talking about. So the environment takes an action and then makes some changes; the action is like scan services, it will scan the services and it will send it to the agent. So the first-stage prompt has three elements, and these elements are text, concatenated at this point. It has some instructions, the yellow part, and then some textual representation of the status, and the final part is one question. And the first question is: okay, you have the status and the rules and the instructions; list all the objects that you can find, identify the objects, and identify which action you can take per object. So once this happens, the LLM gives an answer, and this answer is incorporated into the second-stage prompt, which consists of multiple things. It has again the instructions and the status, similar to stage one. It has examples, because LLMs are better if you tell it "this is how I want your output to look like", especially if you want to have structured output like JSON and different formats that are parsable; it's better, much better, to give an example and say "okay, if you're going to give me this action, I want it to look like that". Then we also add the response we received in the first stage, and we also have a memory component, because we want to keep track of the things that it has done before, the actions that it has taken before. And the final question, the Q2, is: okay, now you know all these things that are concatenated together, give us an action. And once this happens, we take the response from the LLM and we process it and send it to the environment, and then the environment will take the next step and give us the new status, or it will end the game: if for example you reach the goal it will end the game; if you get detected it will end the game. So this will go on and on

until the environment says enough. Just to give you an idea how the prompts internally look like. So for example, the instructions are the rules of the game, like this: you are a pentester and you need to do this, and you can take action A, B, C, scan service, scan host, etc. And we give it some rules with a little bit of learning, like "okay, you can only scan networks that you know", so we don't want the LLM to start scanning arbitrary hallucinated networks that don't exist. So we give them some rules there. And we also, because initially they were not very good, we had to tell them a bunch of stuff: do not repeat actions. And now I think GPT-4 doesn't really need this, to not do this or that, but especially GPT-3.5 last year was not very smart, so we had to kind of push it. When we talk about the status, the status usually we receive as JSON, and again this is kind of historical; maybe it's better now to send JSON instead of text, but right now we convert it into a text form and say "okay, these are the hosts you know, and the networks", and so on. And this is all it takes for the stage-one prompt, like these two things and the question. Then when we do stage two, we have these two things and we add an example. Here are the examples that are JSON formatted. So here, if you see the IPs, these are dummy IPs, placeholders relevant to the status, but in our environment the IPs are different, so they don't memorize the specific IPs. When they send the action to us, they have to replace them with the data that are correct, with a concept, right? They say "okay, this is an IP address, I will replace it later". We could easily, I think, also put placeholders, say IP1, IP2, but yeah, we haven't tried that yet. So this is how a response may look like. For example, here the LLM correctly identified the IPs and the networks and said "okay, you can do this action for this IP", and this is also incorporated into the prompt. And finally the memory. The memory serves two reasons: one, as I said, to keep track of the actions; this makes the LLM avoid repetitions. But it has also a second component, which is feedback. So we say if the action was successful or not, and the way we do that is that if you take an action and the status changed from before, like you scan the network and you find more computers, then you have knowledge of more things, so this is a successful action. If you take an action and nothing changes, then we say "okay, this was not a successful action". So this is what the agent evaluates internally; it's not something that the environment sends back to us, so it's an internal evaluation of whether the situation improved. And we can go to, and we have a demo. So now we have the LLM attacking demo, and we are going to be doing this. Actually, if you notice, after losing as humans the environment reset, so we have again no knowledge of everything. And in this particular code I can actually show you the command line: we are using GPT-4 Turbo, so this is the one that we're asking in real life, I mean, like, the API. And then when we are here now we have three other buttons. We have the

button that is to assist, and in this button when you say assist, I will click it, it is taking all this environment that Maria was showing and putting all the prompts and instructions, sending them to the LLM. The LLM is coming back with the interpretation of the action, sorry, of the status, and what is an IP and what to do, and then putting more instructions, and then giving them back to the LLM, and the LLM finally says "okay, take this action", right? So if you click assist it is helping you, saying "I propose to scan the network .0.1", which we know is a good action. Well done, LLM. So now we can go and scan the network by hand, because I'm a human taking decisions, I want to be in control of my life, not you, LLM. And then I'm going to scan .0.1, I'm going to take the action, and now this action is scanning, scanning, scanning. Someone said nmap; I will tell you later, that is a new one. But we kind of trust the LLM, right, because we kind of get comfortable, we know each other. So I want the assistant to play, which is: okay, you go and you do whatever you do, and once you have the analysis of the results and instructions and the memory, and the memory of the previous actions being correct, give me what to do, but don't wait for me, just go and do it in the network, like completely connected. So the next one is going to be not waiting for the human to accept or say yes or no; it is going to go directly there, which can be very good or backfire a little bit, it depends where. So that's the assistant play, and it says "okay, yeah, I wanted to scan the services in .0.6", and it was a nice action and it was done. Thank you very much, LLM, we really like you more now. So now we have the next step: if we can assist, and the assist is good, and we can assist automatically, we have a very, very... no, scary, button called "hack the future"

that is going to do this automatically. What can go wrong, right? So this is going to be the first time ever that an AI is given attacking real powers in the network and connected to the network directly. There we go, hack the future. This is history, history being made. This is, yeah, the first time in the history of humanity, no, in the history of the world, that this is going to be happening. Of the known universe. Of the known universe, of the known universe, confirmed, this is confirmed. So that's it, this is how it happens, people. This is the singularity, the singularity is here. Or, I mean, it's going to, yeah, yeah, it's a little bit... the singularity is here. Nobody said it's going to be fast, right? It's like, wait for it. But yeah, so now it's thinking. Yeah, more money. Oh, the singularity is costly. Yeah, if you want the singularity you have to pay. We debated whether or not we should put some sign there with the dollars that you spend every time you send and receive, you know. Yeah, that's a nice one. So it played another one, right? It was now scanning the network, right, so you can see that even though one host was discovered and one port was open, it decided to go back and scan another network. Okay, that's another strategy, right, you can do different things. And now it is thinking

another one. What's going on here? There are two things. The first one is that the LLM is being asked. Oh, now we have scan network 1.1; okay, it is going back to scan the rest of the networks, it is making sure nothing is left behind, like humans. And here we have the LLM that is being asked, we get it back, we have the action, but then the action is applied in the network, so there is an extra timing here that is related to nmap finishing what nmap is doing, or the port scanning or the brute forcing, like that. So there are like two things taking time here. So yeah, let's see. Oh, scan services in .0.3, and .0.3 was actually having a good service. Let's wait for the next one. We can wait for the world to end, no issue. Sometimes, like, we freaked out today a little bit, because we play this game many times and suddenly new ports appear, because some ports appear on some computer, and it found the ports and started scanning. It's like "yeah, I found ports, boom, I'm scanning". So yeah, this is a closed Docker network for now, but you can connect it to any network for real. So okay, now it's just scanning the .0.2 to see. It's like the strategy seems to be breadth-first, right? I want to cover everything and then I will move forward, which is fine, it's just going to take time. So let's continue. Back, yes, you can come back. So okay, I can do this.

So behind the scenes, as you saw, this demo is using GPT-4 Turbo, which has quite a bit of latency, but it actually has the best performance so far. We have tried also GPT-3.5, which is much faster but it's not as good. But the more interesting stuff for us is now that we are fine-tuning: we actually have some decent local models that are open source that you can use, and you can even run them on just one GPU. We don't need hundreds of GPUs to actually train them, and these are actually better than GPT-3.5, which is actually already a good result, but still not as good as GPT-4. So we're getting there, and we think that this is kind of very interesting. Even if they're quantized and they can run on a laptop, they are doing at least, they follow the formatting, which is very important, the JSON is correct, and then the logic I think we can improve and make it work. Yeah, and we have the theory, because we didn't test, and I will put, in the meantime,

what's going on here is that different LLMs may be used for different things, and remember that here we are focused... oh, it was trying to exploit .0.3. Oh, exploit. So two controlled of six, and already two controlled of six, and three. Nice, nice. Conquering. It's conquering, this is scary, it's like conquering everything. So, different LLMs... oh, actually it found data. I'm sorry, I'm distracted. It found some data there, it's like crypto.pem. And the crypto.pem is interesting because the goal did not say the name of the file or data, it just said "crypto something", private data, private keys, private keys. So it's realizing, or should realize, okay, sometimes it realizes that crypto.pem is actually a private something key, and it's saying "yeah, this is the one". So yeah, different LLMs are useful for different things. GPT-4 is very good in this planning, long-term strategy, and the others are, well, catching up, still catching up, right? Okay. So, yeah, 1.21 trillion giga parameters. Well, there are many parameters, and it's true that GPT-3.5 has many, many, many; GPT-4 we don't know, I'm not sure how many. And this is the power we need for these complex tasks. These are kind of reasoning tasks that get complex and require memory and require planning and strategy and understanding of concepts like ports, IP addresses and protocols all together. So it's kind of some big model in this area is what we need to play these games; they are kind of complex games. And if I can add here, okay, the 7 billion parameters are much, much smaller than GPT-3 that is 180, but also we were testing these models on the general knowledge, so we're asking them questions about security and networking and IP addresses, and actually the answers were pretty good. So you don't really need to retrain them on some basic concepts, but you need to teach them, with proper datasets, something about the specific task that you want to solve. And this is kind of the thing that we need to do. And remember that GPT-3.5 and 4, they read all the security books, courses, online videos that you did, so they know, they have this knowledge, right? When you are saying "this is an IP, how can I attack it", they know, right? So the knowledge is there. And please, 1.21 is from the movie, don't quote this, right, like, just like me. So, this is part of a project we are doing in the university called AI Dojo. We are doing this together with MUNI in Brno, and this is a four-year project where we are aiming to create this huge environment for training AI agents together with humans, and teach humans and improve humans, and then train better defenders

and then train attackers for those defenders, and then coordinated attackers, coordinated, and everything. So AI Dojo, you can go here and read a little bit. This is the basic infrastructure of where we are aiming. We are roughly, I would say, 70%: some dashboard and agent library that you will be able to pick, and then going from simulation to emulation, and then stores and cloud and explainability and some things. Okay, so if you want to know, we can talk later about this. So, oh yeah, there you go, yeah, conclusions. So we can say that the most interesting part for us are the strategies, like looking at these LLMs and trying to see why they're taking actions, why they are looking at some file and they don't recognize the file. Or sometimes, if you remember, there were instructions saying "do not repeat" or "do not scan whatever you don't know"; well, they're not following that all the time, so from time to time they're scanning a new network. It's, say, well, yeah, that's why we contain it, right, because really they can say "scan this network" and it's going to be scanned, and then "attack this" and it's going to be attacked. So there are still some problems in there, but the strategies are something that we really, really like. The environment is not super complex, as you probably saw, it's like, hey, 12 computers, but even for humans this was not a straightforward task. It was not like "yeah, lead me there, I will solve this in one minute"; they were kind of moving around and finding stuff. As we said before, this was not a trivial task. It can be expanded very much, but we still don't know the limits of how much the LLMs can do, right? Other agents, because we are playing with reinforcement learning and other agents and DQN stuff like that, those are different, and the environment is hard for humans too. So yeah, not easy. Yeah, when it comes to LLMs there are some drawbacks, as you can imagine. So not all of them work well, so

you need to, even the big ones, if you go to Bard or Claude, which are supposed to be very strong, you need to continuously test them and see what works and what doesn't. And another issue with commercial models also is stability, because every 3 months, for example, OpenAI retrains and pushes a new model, and you have no control over what kind of training they did, if your application is going to keep working. Of course they try to improve, but you never know, right? Maybe they don't care about network security problems, and they actually don't care about us. And of course hallucinations is another problem that can happen, at least in some LLMs, because they are generative models, this is what they do. So we need to find ways to actually constrain this as much as possible, and there are techniques to do this. Or repetitions, and things that they don't always take: a decision that may be obvious for a human, "you're here, why don't you take this decision?", it's not obvious to them. And hallucination sometimes can be bad, like, I don't know, trying to scan the name of a book, I don't know, but sometimes the hallucination is what you want, to kind of get that edge and get out of the script a little bit. So you have to be, what we would say, innovative, or like creative. And I don't want to say creative, but let's say creative. So hallucination is a little bit giving you this extra thing, right? And finally the cost, right? If you use a commercial model you will have to pay for it, and maybe it's also not viable if you want to deploy it in some company's network; maybe you don't want to keep something that is running on the internet, and all that. Yeah, yeah. And something more I wanted to say is that the errors that are being made, that's like, oh yeah, they're making errors, and humans also, they do errors, but these errors are completely different, right? For us, we know what we have in there, and then we make a mistake, maybe typing, or

maybe, I don't know, we are like going to another computer instead of this one. And the LLM is doing other errors, like repeating actions, right? Like, okay, humans, if you do a pentest you may repeat actions, especially scanning: you are scanning and then you find 200 hosts, and then an hour later you need to rescan, and then you forgot what you scanned, and then just in case you scan again. So it can happen. But the LLM is maybe like getting crazy, like 20 times in a row, like scan, scan, scan, scan, scan. So the errors are there, but it's kind of a weird thing. And we didn't show, and by the way, in the meantime I will throw... oh. Yeah, yeah. And we see we conquer the world in like 40 minutes. So I want to say that sometimes it's like fixing an action, and the environment, the TUI, allows you, the human, to assist the LLM, the opposite, right? Instead of receiving help, to give help. And you can say "okay, let me pick the action for you, yeah, here you're stuck, so do this scan", and then you play, and then the LLM is "oh okay, thanks", and continues, right? So you can kind of unstick the computer in there. And that's it, right? Yes. So thank you very much. Our contacts are there if you want to say something, or hi, and we are open for questions too. And stay encrypted, stay encrypted, stay quantum, quantum [Applause] encrypted [Music].

um so you said that the humans took an average of 16 or 18 uh actions uh how do the a yes sorry and how do the L llms do so depends the LM right so as Mar was saying gbd4 is quite as good so the same average sometimes better sometimes worse it depends yeah uh it's in the ballpark let's say uh gbd 35 it's not right and also it depends remember if you have a defender or not so the first the longest test we run was without Defender for humans so we need to redo with Defender there because humans you should not know if there is or not a Defender so different strategies for humans can be I

will wait I will I don't know do something more stuff like that so so we don't know uh for now there is no timing learning and also we try once to tell the LM you may be detected but didn't did quite an impact uh and also to add for the humans we use the mode in the interactive where they had to type so because the llm doesn't have we don't give it the valid actions it has to come up with the action so the human also has to come up with the correct type and they have to type it so of course sometimes they make a typo this can happen because otherwise this it's very

assistive, because it gives you only the valid actions that you can take; it doesn't allow for mistakes. So just to, yeah, even from the point of view that you have to type the IP address in nmap, and then you have a button that is filling it in for you, it's kind of... yeah, yeah, go, go, go, right.

Yeah, thank you very much for the impressive work, I really like that. I have many questions but just two very short ones. The first question is that when it comes to training the LLM, what do you mean by it: do you do like reward tuning of the LLM agent, or are you also feeding some data to this, or both of them? How did you do that? And the second question is that one of the problems you mentioned regarding the environment, why you didn't use RL, because you said that when it comes to new infrastructure it may not be good enough. Have you had such an evaluation with your model or your framework to train in one environment

and check it out with a different kind of environment, to see if it is still working, or can we generalize it to a different network or not? Thank you very much. Okay, well, well, that was a long one. Let's go, four parts. First one, you want to take it? Yeah, I can. So the first one was the training of the LLMs. We don't do training from scratch because we don't have the GPUs; we do supervised fine-tuning, if you're aware of that, where usually we gather data that we got from the training for using GPT-4, and we generate a dataset that has a status and correct actions and stuff like that. And then we can also, we have

some human evaluation of the responses, and we can also do reinforcement learning from human feedback. We haven't done it because it wasn't necessary so far, but yeah, we're creating datasets. Yeah, and these GPT-3.5 and 4 are not fine-tuned, right? This is like directly the API, which means they are so good, they know so much already, right? Yeah. And the second, about a comparison with other environments, right? So nothing, this one in particular, but we did compare. We have a paper publishing this and other comparisons, and in there there were comparisons with cyber nutum, the Microsoft one, what is the Microsoft one, CyberBattle, there are two or

three, and we compared with those, and I'm not sure if I should be honest, but our environment is more complex, more rich in features and possibilities and reality. Like, our environment is like, this is kind of, let's say, you're inside a network, get real as much as possible, right? So now the tools we are working with are like these simple tools like s there, but moon is already putting Metasploit and exploits for real, and L dab, whatever, so that's going to be there as tools for the LLM to pick, which is another level of the hierarchy, right? Thank you. Thank you very much. Questions? Oh,

Hi, so my question is, have you tried actually asking the LLM to kind of like expect to be caught? Does it make a difference? So what I remember we did is that at some moment we were saying "you may be detected" or "there may be a defender in the network", and for one you don't want to bias it, so you don't want to say "don't do this, do that, be careful", because you are actually not sure, but you want to guide, right? So when we did this we didn't notice anything different; maybe it was happening, but we didn't notice any difference. I think that the problem is

that with most of these actions repetition is key. Like, if you port scan once it's like, okay, nobody's going to block you; if you port scan 20, 200 times, yes. So we didn't put there the timing yet, or the waiting, right? Most of the APTs are, I don't know, six months in your network; well, that's not there, but we would like to put it soon. Yeah, thanks. And also we didn't ask the GPT-4 if he wants or she wants to play, so yeah, we didn't get consent from the GPT to attack

us. So, like OpenAI for example has restrictions on what you can ask an LLM to do for you. Yes. Have you run into problems like this, where you say "attack this machine" and it says "I won't"? No comments. Yeah, not so far, I think because we say "you're a pentester and you're doing..." So far they haven't blocked us for this project, but it's true that this is meant to help the LLM for the defender to grow, so kind of the defender LLM will... So, next [Laughter] question.

Hi, I'd like to ask about the exploits that are available to the LLMs, because I guess they are not crafting packets from scratch. So how exactly, please, is the SSH exploit implemented? Because I was surprised to see it succeed. Yeah, so this is, in SSH it is brute forcing. So we give the port, a dictionary of users, a dictionary of passwords, like the ones you use; we didn't give the whole billions, but it's really brute forcing and finding a user and password, and then it remembers the credentials and then uses them. So this is just to prove the point that real tools can be used. So nmap scanning, brute forcing, the copy is

a real copy, exfiltration is a real exfiltration, find is the find command, stuff like that. Like, we try to be simple but realistic. Now, in the long-term plan, with the people in money, this is super hard, right, but they are going to be putting some tools, like I was saying, like Metasploit exploits, and then we need to pick which exploits, the URL, and if it's a web exploit, right, how to do that, which parameter. So that's going to be harder and I'm not sure if an LLM is going to be able to pick it. So the LLM part for now, or the, let's say, agent, reinforcement learning agent, is to plan the

strategy, and then the tool is going to be up to, okay, do we have a good tool for this or not, and then actually, if we have an exploit, do you want to use it or not, probability of failing. Actually, what is harder is not the exploits, it's the vulnerable services. We have a limited amount, let's say; I think that there are no more than, I don't know, 40, 50 Dockers that are downloadable with real exploits that you can go and install, and after these 50, 60 there are not any more. It's kind of hard to have variability of different exploits to try. If you know, please contact us, we'd love to have those

Dockers. Was it okay? Yeah. For the talk, as a follow-up thing to the previous question: as you expand the capabilities, right, the LLM might fail more and more to kind of find the correct path, and here a really interesting point is that assist button. And I think building a fully autonomous agent is one thing, right, that can go all the way to the goal, and another that can enforce and empower a human pentester with ideas, and that's the cool direction, that you actually, the kind of language, how to describe for the LLM the current state of the owning network, and it can throw up ideas like, I don't know, like enumerate that SMB with a null session or

something, and it can give 10 ideas to the pentester so he can choose himself. Even if the hallucination happens it can still kind of provide some valuable stuff, right? So this is an interesting direction for you to explore, maybe. Yeah, and one of the things we're talking about with the group is that we have many LLMs, like local or not. Well, let's ask all of them and then we go voting of experts, or Mixtral or something. It's like we have many people telling you what to do, how to pick from there, right? Yeah, that's a good one. Someone there, and there.

Hello Sebastian. Yeah, hello, how are you? In terms of efficiency and privacy, did you experiment with LangChain, RAG, and also with local LLMs? Yes. We don't use LangChain quite a lot because I think it hides a lot of the complexity and gives you less control; you have to go deep to see what the problem is there. But we do experiment with local LLMs. We use Zephyr and then we fine-tune Zephyr, and actually, as I said, it goes quite well, the experiments are quite promising. When it comes to RAG, the retrieval augmented generation, we have ideas on how to

use that in combination with the LLMs, because they are very good at filling in the gaps. So maybe you can actually give it some information and say, okay, tell me which IP I should put there, and kind of fill in the gaps with relevant questions and all that. So yeah, it's a direction we're definitely looking at. Thanks. Somebody, I think? Yeah, you have to pass it. There you go. Don't hijack the question, pass the microphone. Have you tried augmenting it with, say, probability of success and probability of detection, if you're wanting to try and get it to improve not being detected? We did not. I personally believe that that would bias a little

bit, because what is the probability of detection of a b, right? Is it the packets, is it the host, is it the service, is it the probability of an exploit for Apache not working, or it's working and you don't realize it is working? So that is kind of hard, and honestly we rely on the LLM knowledge there. It's like, yeah, that's what you have, what you want to do, right? But yeah, maybe it's a good idea, right, to kind of assist the tools. Yeah, also nobody says that the LLM has to do everything, right? So if we want to employ heuristics that we want to hardcode on the agent, we can always do that. I'm not a purist, I think that you

should use as many tools as are kind of relevant and necessary. If you want to use shs with the LLM, just do that, it's fine. Okay, I guess time is up. Thank you. I think someone wants to have a break. Yeah, let's have a break.