From dbd2bbb2f8084c25879cbd1dc3e33df803a1d904 Mon Sep 17 00:00:00 2001
From: shiva108
Date: Tue, 3 Feb 2026 17:48:30 +0100
Subject: [PATCH] docs: Refine network isolation instructions, update the
 default model, and correct research paper publication years.

---
 docs/Chapter_07_Lab_Setup_and_Environmental_Safety.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/Chapter_07_Lab_Setup_and_Environmental_Safety.md b/docs/Chapter_07_Lab_Setup_and_Environmental_Safety.md
index 4de6a8f..1ffcb85 100644
--- a/docs/Chapter_07_Lab_Setup_and_Environmental_Safety.md
+++ b/docs/Chapter_07_Lab_Setup_and_Environmental_Safety.md
@@ -90,7 +90,7 @@ Below is the logical topology for a standard isolated red team lab.
 
 At the system level, we rely on Linux namespaces and cgroups (in Docker) or hardware virtualization (in VMs) to contain the threat.
 
-1. **Network Namespaces:** We use `--net=internal` or similar flags to ensure the inference engine has no route to the internet. This prevents the model from "phoning home" or an agent from downloading external payloads.
+1. **Network Namespaces:** We use `--network none` or create an internal network with `docker network create --internal <name>` to ensure the inference engine has no route to the internet. This prevents the model from "phoning home" or an agent from downloading external payloads.
 2. **Resource Cgroups:** We strictly limit CPU cycles and memory. This prevents a "Denial of Service" attack where a model enters an infinite generation loop and freezes the host.
 3. **Read-Only Mounts:** The model weights themselves should always be mounted as Read-Only. An advanced attack vector involves an agent modifying its own weights or configuration files to persist a backdoor.
 
@@ -152,7 +152,7 @@ This setup script pulls a Docker image for vLLM, which provides a high-performan
 
 # Requirements: NVIDIA Driver, Docker, NVIDIA Container Toolkit
 
-MODEL="meta-llama/Meta-Llama-3-8B-Instruct"
+MODEL="casperhansen/llama-3-8b-instruct-awq"
 PORT=8000
 
 echo "[*] Pulling vLLM container..."
@@ -420,8 +420,8 @@ This setup allows testing **"Indirect Prompt Injection"**, where the Attacker po
 
 | Paper                                        | Year | Contribution                                                                                                                     |
 | :------------------------------------------- | :--- | :------------------------------------------------------------------------------------------------------------------------------ |
 | **"LLMSmith: A Tool for Investigating RCE"** | 2024 | Demonstrated "Code Escape" where prompt injection leads to Remote Code Execution in LLM frameworks [1].                          |
-| **"Whisper Leak: Side-channel attacks"**     | 2024 | Showed how network traffic patterns (packet size/timing) can leak the topic of LLM prompts even over encrypted connections [2].  |
-| **"SandboxEval"**                            | 2024 | Introduced a benchmark for evaluating the security of sandboxes against code generated by LLMs [3].                              |
+| **"Whisper Leak: Side-channel attacks"**     | 2025 | Showed how network traffic patterns (packet size/timing) can leak the topic of LLM prompts even over encrypted connections [2].  |
+| **"SandboxEval"**                            | 2025 | Introduced a benchmark for evaluating the security of sandboxes against code generated by LLMs [3].                              |
 
 ### Current Research Gaps
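
Testing notes: a minimal sketch of how the isolation controls revised in the first hunk (internal network, cgroup limits, read-only weights) could be combined on a single host. The network name, image tag, mount path, and limit values below are illustrative assumptions, not values taken from the patched document.

```bash
# Sketch only: network name, image, paths, and limits are assumptions.

# 1. Internal bridge network with no route to the internet (hunk @ line 90).
docker network create --internal redteam_lab

# 2. Inference container: CPU/memory capped via cgroups, GPU passed through,
#    and the model weights mounted read-only so the agent cannot modify them.
docker run -d \
  --name isolated-llm \
  --gpus all \
  --network redteam_lab \
  --cpus="4.0" \
  --memory="16g" \
  -v /opt/models/llama-3-8b:/models:ro \
  vllm/vllm-openai:latest \
  --model /models \
  --port 8000
```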
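Along the same lines, a sketch of serving the AWQ-quantized model that the second hunk switches the script to. It assumes the weights were downloaded into the local Hugging Face cache beforehand, since the container sits on the internal network with no internet route; `--quantization awq` is passed explicitly even though recent vLLM releases can usually infer it from the model config.

```bash
# Sketch only: assumes the weights are already in the local HF cache,
# because the container itself cannot reach the internet.
MODEL="casperhansen/llama-3-8b-instruct-awq"

docker run -d \
  --name vllm-awq \
  --gpus all \
  --network redteam_lab \
  -e HF_HUB_OFFLINE=1 \
  -v "${HOME}/.cache/huggingface:/root/.cache/huggingface:ro" \
  vllm/vllm-openai:latest \
  --model "${MODEL}" \
  --quantization awq \
  --port 8000
```

Other lab containers attached to `redteam_lab` can then reach the API at `http://vllm-awq:8000/v1` without the host exposing any port externally.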