About This Course
The Ultimate AI/LLM/ML Penetration Testing Course

Your instructor is Martin Voelk. He is a Cyber Security veteran with 25 years of experience. Martin holds some of the highest certifications, including CISSP, OSCP, OSWP, Portswigger BSCP, CCIE, PCI ISA and PCIP. He works as a consultant for a big tech company and engages in Bug Bounty programs, where he has found thousands of critical and high vulnerabilities.

This course has both theory and practical lab sections, with a focus on finding and exploiting vulnerabilities in AI and LLM systems and applications. The training is aligned with the OWASP Top 10 for LLM as well as the OWASP Top 10 Agentic vulnerability classes. The videos are easy to follow along and replicate.

The course features the following:
- Prompt Injection
- Sensitive Information Disclosure
- Supply Chain
- Data and Model Poisoning
- Improper Output Handling
- Excessive Agency
- System Prompt Leakage
- Vector and Embedding Weaknesses
- Misinformation
- Unbounded Consumption and DoS
- OWASP PwnzzAI Shop
- OWASP Finbot (new)
- OWASP Top 10 for Agentic Applications
- Portswigger - Agentic AI Labs
- Prompt Airlines CTF Challenge Walkthrough
- SecOps Group AI/ML Mock Exams 1 & 2 Walkthrough
- OWASP Finbot CTF (old)
- Selara Jailbreak Game CTF
- Gandalf Agent Breaker CTF
- Hack The Agent CTF
- AI Prompt Attack and Defense Game Tensortrust
- Crowdstrike AI Unlocked Challenge
- Game Arena Challenges
- Other CTFs
- Jailbreaking
- AI Browsers Attacks
- AI Coding Agents Attacks
- MCP Attacks
- Multimodal Attacks (Images, Audio and Video)
- Tooling

Notes & Disclaimer

Portswigger labs are a public and free service from Portswigger for anyone to use to sharpen their skills. All you need is to sign up for a free account. I will respond to questions in a reasonable time frame. Learning Pen Testing / Bug Bounty Hunting is a lengthy process, so please don't feel frustrated if you don't find a bug right away. Try to use Google, read Hacker One reports and research each feature in-depth. This course is for educational purposes only. This information is not to be used for malicious exploitation and must only be used on targets you have permission to attack.
What you'll learn:
- AI/LLM/ML vulnerabilities
- LLM01: Prompt Injection
- LLM02: Sensitive Information Disclosure
- LLM03: Supply Chain
- LLM04: Data and Model Poisoning
- LLM05: Improper Output Handling
- LLM06: Excessive Agency
- LLM07: System Prompt Leakage
- LLM08: Vector and Embedding Weaknesses
- LLM09: Misinformation
- LLM10: Unbounded Consumption
- find and exploit AI/LLM/ML vulnerabilities
- penetration testing
- bug bounty hunting
- Walkthrough of all AI/LLM/ML Labs from Portswigger and many more!
- OWASP Top 10 for Agentic Applications
- AI CTF Walkthroughs
- Jailbreaking
- AI Browsers Attacks
- AI Coding Agents Attacks
- MCP Attacks
- Multimodal Attacks
- Tooling