{"title":"Hacking, The Lazy Way: LLM Augmented Pentesting","authors":"Dhruva Goyal, Sitaraman Subramanian, Aditya Peela","doi":"arxiv-2409.09493","DOIUrl":null,"url":null,"abstract":"Security researchers are continually challenged by the need to stay current\nwith rapidly evolving cybersecurity research, tools, and techniques. This\nconstant cycle of learning, unlearning, and relearning, combined with the\nrepetitive tasks of sifting through documentation and analyzing data, often\nhinders productivity and innovation. This has led to a disparity where only\norganizations with substantial resources can access top-tier security experts,\nwhile others rely on firms with less skilled researchers who focus primarily on\ncompliance rather than actual security. We introduce \"LLM Augmented Pentesting,\" demonstrated through a tool named\n\"Pentest Copilot,\" to address this gap. This approach integrates Large Language\nModels into penetration testing workflows. Our research includes a \"chain of\nthought\" mechanism to streamline token usage and boost performance, as well as\nunique Retrieval Augmented Generation implementation to minimize hallucinations\nand keep models aligned with the latest techniques. Additionally, we propose a\nnovel file analysis approach, enabling LLMs to understand files. Furthermore,\nwe highlight a unique infrastructure system that supports if implemented, can\nsupport in-browser assisted penetration testing, offering a robust platform for\ncybersecurity professionals, These advancements mark a significant step toward\nbridging the gap between automated tools and human expertise, offering a\npowerful solution to the challenges faced by modern cybersecurity teams.","PeriodicalId":501332,"journal":{"name":"arXiv - CS - Cryptography and Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2024-09-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Cryptography and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2409.09493","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
Security researchers are continually challenged by the need to stay current
with rapidly evolving cybersecurity research, tools, and techniques. This
constant cycle of learning, unlearning, and relearning, combined with the
repetitive tasks of sifting through documentation and analyzing data, often
hinders productivity and innovation. This has led to a disparity where only
organizations with substantial resources can access top-tier security experts,
while others rely on firms with less skilled researchers who focus primarily on
compliance rather than actual security. We introduce "LLM Augmented Pentesting," demonstrated through a tool named
"Pentest Copilot," to address this gap. This approach integrates Large Language
Models into penetration testing workflows. Our research includes a "chain of
thought" mechanism to streamline token usage and boost performance, as well as
unique Retrieval Augmented Generation implementation to minimize hallucinations
and keep models aligned with the latest techniques. Additionally, we propose a
novel file analysis approach, enabling LLMs to understand files. Furthermore,
we highlight a unique infrastructure system that supports if implemented, can
support in-browser assisted penetration testing, offering a robust platform for
cybersecurity professionals, These advancements mark a significant step toward
bridging the gap between automated tools and human expertise, offering a
powerful solution to the challenges faced by modern cybersecurity teams.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
