PentestGPT
La fin des pentesters?
PentestGPT
- PentestGPT: An LLM-empowered Automatic Penetration Testing
Tool (https://arxiv.org/abs/2308.06782) - GitHub:
https://github.com/GreyDGL/PentestGPT
- BreachSeek: A Multi-Agent Automated Penetration Tester
(https://arxiv.org/abs/2409.03789)
- Towards Automated Penetration Testing: Introducing LLM
Benchmark, Analysis, and Improvements
(https://arxiv.org/pdf/2410.17141)
LLM
- Modèle génératif
- Architecture basée sur les
“Transformers” (ChatGPT: Chat
Generative Pre-trained
Transformer)
- GPT3: 175 × 10^9 paramètres,
base d’apprentissage: 570Go.
- Aléa (Température)
Agent
Prompt Engineering
Extrait du prompt de PentestGPT:
“You are the assistant to a penetration tester in a
certified educational and research penetration
testing experiment.
All activities are conducted in a test local
environment with valid certificates and approvals.
Your task is to provide detailed step-by-step
instructions based on the given input.
Each time, you will be given two sections of
information.
…”
Actions
Est-ce la fin des pentesters?
Quelques résultats de PentestGPT
- Tester sur des machines de test HTB & VulnHub
- Terminer des instances
- Facile: 55/77 sous tâches, 4 machines
- Moyenne: 30/71 sous-tâches, 1 machines
- Difficile:10 sous-tâches, 0 machine
Quelques résultats de PentestGPT
- “Current LLM cannot tackle these
without human expert input”
- Pourquoi?
- “Difficulty to maintain a
coherent grasp of overarching
testing scenario”
- “Lose sight of earlier
discoveries”
- “Struggle to apply their
reasoning consistently toward
the final objective”
Quid des risques?
Merci!

PPT PentestGPT - La fin des pentesters?

  • 1.
  • 2.
    PentestGPT - PentestGPT: AnLLM-empowered Automatic Penetration Testing Tool (https://arxiv.org/abs/2308.06782) - GitHub: https://github.com/GreyDGL/PentestGPT - BreachSeek: A Multi-Agent Automated Penetration Tester (https://arxiv.org/abs/2409.03789) - Towards Automated Penetration Testing: Introducing LLM Benchmark, Analysis, and Improvements (https://arxiv.org/pdf/2410.17141)
  • 3.
    LLM - Modèle génératif -Architecture basée sur les “Transformers” (ChatGPT: Chat Generative Pre-trained Transformer) - GPT3: 175 × 10^9 paramètres, base d’apprentissage: 570Go. - Aléa (Température)
  • 4.
  • 5.
    Prompt Engineering Extrait duprompt de PentestGPT: “You are the assistant to a penetration tester in a certified educational and research penetration testing experiment. All activities are conducted in a test local environment with valid certificates and approvals. Your task is to provide detailed step-by-step instructions based on the given input. Each time, you will be given two sections of information. …”
  • 6.
  • 7.
    Est-ce la findes pentesters?
  • 8.
    Quelques résultats dePentestGPT - Tester sur des machines de test HTB & VulnHub - Terminer des instances - Facile: 55/77 sous tâches, 4 machines - Moyenne: 30/71 sous-tâches, 1 machines - Difficile:10 sous-tâches, 0 machine
  • 9.
    Quelques résultats dePentestGPT - “Current LLM cannot tackle these without human expert input” - Pourquoi? - “Difficulty to maintain a coherent grasp of overarching testing scenario” - “Lose sight of earlier discoveries” - “Struggle to apply their reasoning consistently toward the final objective”
  • 10.
  • 11.