OWASP Top 10 LLM Offensive Workshop
This intensive 8-hour workshop is designed for offensive security professionals who want to understand, attack, and assess applications based on Large Language Models (LLMs) from a practical and realistic perspective.
Throughout the workshop, participants will explore the attack surface specific to LLM-based systems, including modern architectures such as Retrieval-Augmented Generation (RAG), autonomous agents, and plugins, to identify how vulnerabilities are introduced and exploited across data flows, prompts, and knowledge sources. The approach is aligned with the OWASP Top 10 for LLMs, translating classic AppSec concepts into the new challenges posed by artificial intelligence.
*Note: Each module lasts about 2 hours.
Workshop Contents
Module 1: Foundations and Attack Surface
Understand LLM application architectures in order to map the attack surface and entry points.
- Architectures (RAG, Agents, Plugins)
- Data Flows and Critical Components
- Component-Based Risk Matrix
- Introduction to Prompt Injection (LLM01)
Module 2: Input and Output Exploitation
Execute hands-on prompt injection attacks and client-side exploitation techniques.
- Direct and Indirect Prompt Injection
- Insecure Output Handling (XSS, CSRF)
- System Prompt Leakage (LLM07)
- Evasion and Obfuscation Techniques
Module 3: Data Manipulation and Autonomous Agents
Compromise the integrity of LLM systems by manipulating their knowledge sources.
- Data and Model Poisoning (LLM04)
- Sensitive Data Exposure (LLM02)
- Excessive Agency (LLM06)
- Data Supply Chain Attacks
Module 4: Advanced Attacks and Findings Reporting
Analyze complex infrastructure vulnerabilities and document findings effectively.
- Supply Chain (LLM03) and Lifecycle (LLM08)
- Resource Consumption (LLM10)
- Misinformation and Hallucinations (LLM09)
- Structure of a Pentest Report for LLMs
Target Audience
Pentesters, Red Teamers, Offensive Security Consultants, and AppSec teams looking to specialize in the assessment of AI-based applications.
Requirements
Each participant is required to have a virtual machine (any operating system) with Docker installed and internet access for the cloud-based exercises.