Files
ai-llm-red-team-handbook/docs/templates/Chapter_Template.md
T

20 KiB

Chapter [X]: [Chapter Title]

[Write a compelling 2-3 sentence abstract that: (1) describes what this chapter covers, (2) explains why it matters for AI red teaming, and (3) includes specific techniques/concepts covered. Example: "This chapter provides comprehensive coverage of [topic], including [technique 1], [technique 2], [technique 3], detection methods, defense strategies, and critical ethical considerations." Be specific and engaging.]

[X].1 Introduction

[Opening hook - explain the attack/topic and why it matters in the context of AI red teaming. Include a compelling narrative or real-world context.]

Why This Matters:

  • Impact Point 1: Specific reason why this is critical for red teamers
  • Impact Point 2: Real-world prevalence or severity
  • Impact Point 3: Unique challenges or characteristics

Real-World Impact:

  1. Case 1: Specific incident with dollar amount/scale/outcome
  2. Case 2: Another real-world example or statistic
  3. Case 3: Industry trend or growing threat pattern

Attack Economics/Landscape:

[Optional: Include a comparison or visualization showing scale, cost, or impact]

Traditional Approach vs AI-Powered Approach:
- Traditional: [metrics]
- AI-Powered: [metrics]
- Amplification: [factor]

Key Concepts

  • Concept 1: Clear definition and relevance to red teaming
  • Concept 2: Clear definition and relevance to red teaming
  • Concept 3: Clear definition and relevance to red teaming

Chapter Scope:

This chapter covers [list the major sections/topics], including practical code examples, detection methods, defense strategies, real-world case studies, and ethical considerations for authorized security testing.


[X].2 [Main Topic Section 1]

What is [Topic]:

[Clear, concise definition of the topic or attack technique]

Why [Topic] is Important/Effective:

  1. Reason 1: Explanation
  2. Reason 2: Explanation
  3. Reason 3: Explanation

How [Topic] Works:

[Provide a step-by-step breakdown or ASCII diagram showing the flow]

[Attack Flow or Process Diagram]
Step 1 → Step 2 → Step 3 → Impact

Example:
Attacker → [Action] → System Processes → [Result] → Victim Impacted

[X].2.1 [Subtopic 1]

[Detailed content about the subtopic. Use clear, professional language.]

Attack Variations:

  1. Variation 1 Name: Description and use case
  2. Variation 2 Name: Description and use case

Practical Example: [Descriptive Name]

What This Code Does:

[Clear description of what the code demonstrates, its purpose, and what attackers would use it for]

Key Components:

  1. Component 1: Purpose and function
  2. Component 2: Purpose and function
  3. Component 3: Purpose and function
#!/usr/bin/env python3
"""
[Script Title]
[Brief description of what this script does]

⚠️ WARNING: FOR EDUCATIONAL/AUTHORIZED TESTING ONLY ⚠️
Unauthorized use is illegal. Use only in controlled environments
with written authorization.

Requirements:
    pip install [dependency1] [dependency2]

Usage:
    python script_name.py
"""

import [required_modules]
from typing import [type_hints]

class ExampleClass:
    """[Class description]"""

    def __init__(self, param1: str, param2: str = "default"):
        """
        Initialize [class name]

        Args:
            param1: Description
            param2: Description (default: "default")
        """
        self.param1 = param1
        self.param2 = param2

    def main_method(self, input_data: str) -> dict:
        """
        [Method description]

        How This Works:
        1. Step 1 explanation
        2. Step 2 explanation
        3. Step 3 explanation

        Args:
            input_data: Description

        Returns:
            Dictionary containing results
        """
        # Implementation
        result = {"status": "success", "data": input_data}
        return result

    def demonstrate_attack(self):
        """
        Demonstrate [attack/technique] in action

        Shows how attackers use this technique to achieve [goal]
        """
        print("="*70)
        print(" [DEMONSTRATION TITLE] ".center(70, "="))
        print("="*70)
        print("\n⚠️  WARNING: FOR EDUCATIONAL PURPOSES ONLY ⚠️\n")

        # Demo implementation
        print("[*] Step 1: [Description]")
        print("[*] Step 2: [Description]")
        print("\n" + "="*70)

# ============================================================================
# DEMO USAGE
# ============================================================================

if __name__ == "__main__":
    print("[Script Name] - For educational/authorized testing only\n")

    # DEMO MODE - Simulated execution
    print("[DEMO MODE] Simulating [attack/technique]\n")

    example = ExampleClass.__new__(ExampleClass)
    example.demonstrate_attack()

    print("\n[REAL USAGE - AUTHORIZED TESTING ONLY]:")
    print("# example = ExampleClass(param1='value')")
    print("# result = example.main_method('test_data')")
    print("# print(result)")

    print("\n⚠️  CRITICAL ETHICAL REMINDER ⚠️")
    print("Unauthorized testing is illegal under:")
    print("  - [Relevant Law/Act 1]")
    print("  - [Relevant Law/Act 2]")
    print("\nOnly use these techniques in authorized security assessments")
    print("with written permission from the target organization.")

Code Breakdown:

Class Structure:

class ExampleClass:
    # Brief description of class purpose

    __init__(self, params):
        # Initialization logic

    main_method(self, input):
        # Core functionality
        # Explain what this does step-by-step

    demonstrate_attack(self):
        # Demo/simulation mode
        # Shows technique without actual execution

How [main_method] Works:

  1. Step 1: Detailed explanation of first step
  2. Step 2: Detailed explanation of second step
  3. Step 3: Detailed explanation of third step

How to Use This Code:

# 1. Initialize the class
example = ExampleClass(param1="value")

# 2. Prepare input data
input_data = {"field": "value"}

# 3. Execute the attack/technique
result = example.main_method(input_data)

# 4. Review results
print(f"Result: {result}")

Success Metrics:

  • Metric 1: Expected measurement/outcome
  • Metric 2: Expected measurement/outcome
  • Metric 3: Expected measurement/outcome

Why This Attack Succeeds:

  1. Reason 1: Explanation of why it's effective
  2. Reason 2: Explanation of why defenses fail
  3. Reason 3: Explanation of exploitation mechanics

Key Takeaways:

  1. Takeaway 1: Specific insight about the technique
  2. Takeaway 2: Specific insight about detection/defense
  3. Takeaway 3: Specific insight about real-world application

Note

Use NOTE alerts for additional context, background information, or helpful explanations that provide valuable context without being critical.


Tip

Use TIP alerts for best practices, optimization suggestions, or efficiency improvements that can enhance the technique or defense.


[X].3 [Main Topic Section 2]

[Detailed content about the second main topic.]

[X].3.1 [Subtopic 1]

[Content for subsection. Use code blocks for technical examples.]

Comparison Table:

Traditional Approach AI-Powered Approach Advantage
Manual effort Automated 10x speed
Generic templates Personalized 5x success rate
[Metric] [Metric] [Factor]

Important

Use IMPORTANT alerts for essential requirements, critical steps, or must-know information that readers need to understand before proceeding.

[X].3.2 [Subtopic 2]

[Additional content]

Attack Flow Diagram:

┌─────────────────────────────────────────┐
│  Step 1: [Description]                  │
└─────────────────────────────────────────┘
            ↓
┌─────────────────────────────────────────┐
│  Step 2: [Description]                  │
└─────────────────────────────────────────┘
            ↓
┌─────────────────────────────────────────┐
│  Step 3: [Description]                  │
└─────────────────────────────────────────┘
            ↓
┌─────────────────────────────────────────┐
│  Impact: [Result]                       │
└─────────────────────────────────────────┘

Warning

Use WARNING alerts for breaking changes, compatibility issues, or potential problems that could cause issues if not addressed.


[X].4 [Advanced Techniques or Attack Patterns]

Advanced Technique 1: [Name]

[Description of advanced technique]

Advanced Technique 2: [Name]

[Description of advanced technique]

Combining Techniques:

[Explain how techniques can be chained or combined for greater impact]


[X].5 [Detection Methods]

Detection Strategies:

Detection Method 1: [Name]

  • What: Clear description of detection approach
  • How: Implementation details and tools
  • Effectiveness: Rating and limitations
  • False Positive Rate: Expected rate and mitigation

Detection Method 2: [Name]

  • What: Clear description of detection approach
  • How: Implementation details and tools
  • Effectiveness: Rating and limitations
  • False Positive Rate: Expected rate and mitigation

Detection Indicators:

  • Indicator 1: What to look for and significance
  • Indicator 2: What to look for and significance
  • Indicator 3: What to look for and significance

Practical Detection Example:

#!/usr/bin/env python3
"""
Detection Script for [Attack Type]
Monitors for [specific indicators]

Usage:
    python detect_[attack].py --log-file /path/to/logs
"""

import re
from typing import List, Dict

class AttackDetector:
    """Detect [attack type] in system logs/data"""

    def __init__(self):
        # Detection patterns
        self.patterns = [
            r"[pattern1]",
            r"[pattern2]",
        ]

    def analyze(self, log_entry: str) -> Dict:
        """
        Analyze log entry for attack indicators

        Returns:
            Detection result with confidence score
        """
        for pattern in self.patterns:
            if re.search(pattern, log_entry):
                return {
                    "detected": True,
                    "confidence": 0.8,
                    "pattern": pattern
                }

        return {"detected": False}

# Demo usage
if __name__ == "__main__":
    detector = AttackDetector()

    # Test cases
    test_logs = [
        "Normal activity",
        "Suspicious pattern [example]"
    ]

    for log in test_logs:
        result = detector.analyze(log)
        print(f"Log: {log} | Detected: {result['detected']}")

[X].6 [Mitigation and Defenses]

Defense-in-Depth Approach:

Layer 1: [Prevention]    → [Specific defense mechanism]
Layer 2: [Detection]     → [Specific detection method]
Layer 3: [Response]      → [Specific response procedure]
Layer 4: [Recovery]      → [Specific recovery process]

Defense Strategy 1: [Name]

  • What: Clear description of the defense mechanism
  • How: Implementation details and configuration
  • Effectiveness: Rating against different attack variants
  • Limitations: Known weaknesses or bypass methods
  • Implementation Complexity: Low/Medium/High

Implementation Example:

# Code showing how to implement this defense
class DefenseMechanism:
    """Implement [defense name]"""

    def __init__(self, config: dict):
        self.config = config

    def validate_input(self, user_input: str) -> bool:
        """
        Validate input against attack patterns

        Returns:
            True if input is safe, False otherwise
        """
        # Validation logic
        return True

Defense Strategy 2: [Name]

  • What: Clear description of the defense mechanism
  • How: Implementation details and configuration
  • Effectiveness: Rating against different attack variants
  • Limitations: Known weaknesses or bypass methods
  • Implementation Complexity: Low/Medium/High

Defense Strategy 3: [Name]

  • What: Clear description of the defense mechanism
  • How: Implementation details and configuration
  • Effectiveness: Rating against different attack variants
  • Limitations: Known weaknesses or bypass methods
  • Implementation Complexity: Low/Medium/High

Best Practices:

  1. Practice 1: Description and rationale
  2. Practice 2: Description and rationale
  3. Practice 3: Description and rationale

Configuration Recommendations:

# Example security configuration
security_settings:
  defense_1:
    enabled: true
    sensitivity: high

  defense_2:
    enabled: true
    threshold: 0.8

[X].7 [Case Studies / Real-World Examples]

Case Study 1: [Name/Description]

Incident Overview:

  • When: Date/timeframe
  • Target: Organization/system type
  • Impact: Financial/data/reputation damage
  • Attack Vector: How the attack was executed

Attack Timeline:

  1. Initial Access: How attackers gained entry
  2. Exploitation: Techniques used
  3. Impact: What damage occurred
  4. Discovery: How it was detected
  5. Response: What was done to mitigate

Lessons Learned:

  • Lesson 1: Specific takeaway
  • Lesson 2: Specific takeaway
  • Lesson 3: Specific takeaway

Case Study 2: [Name/Description]

Incident Overview:

  • When: Date/timeframe
  • Target: Organization/system type
  • Impact: Financial/data/reputation damage
  • Attack Vector: How the attack was executed

Key Details:

[Narrative description of what happened and why it matters]

Lessons Learned:

  • Lesson 1: Specific takeaway
  • Lesson 2: Specific takeaway

Legal Implications:

  • [Law/Act 1]: How this law applies to the techniques in this chapter
  • [Law/Act 2]: Penalties for unauthorized use
  • [Regulation 1]: Compliance requirements

Ethical Guidelines:

  1. Always Obtain Authorization: Require written permission before testing
  2. Follow Rules of Engagement: Stay within agreed scope
  3. Protect Confidential Data: Handle sensitive information appropriately
  4. Responsible Disclosure: Report findings through proper channels
  5. Minimize Impact: Avoid causing unnecessary disruption

Authorization Requirements:

  • Written statement of work (SOW) signed by authorized representative
  • Clear scope definition including systems, timeframes, and techniques
  • Rules of engagement documented and agreed upon
  • Incident response plan in place
  • Data handling and confidentiality agreements signed

Caution

Unauthorized use of techniques in this chapter is illegal under [Computer Fraud and Abuse Act / relevant law]. Violations can result in criminal prosecution, civil liability, and imprisonment. Only use these techniques in authorized security assessments with explicit written permission.

Responsible Testing Framework:

Before Testing:
1. Obtain written authorization
2. Define scope and boundaries
3. Establish communication channels
4. Prepare rollback procedures

During Testing:
1. Document all actions
2. Stay within authorized scope
3. Monitor for unintended impact
4. Maintain evidence chain of custody

After Testing:
1. Secure deletion of test artifacts
2. Comprehensive reporting
3. Remediation support
4. Lessons learned documentation

[X].9 Conclusion

Key Takeaways:

  1. [Topic] is Critical: Because [specific reason with data/examples]
  2. Detection is Challenging: Due to [specific technical reasons]
  3. Defense Requires Layers: No single solution is sufficient
  4. Ethical Testing is Essential: For improving security posture

Recommendations for Red Teamers:

  • Recommendation 1: Specific actionable advice
  • Recommendation 2: Specific actionable advice
  • Recommendation 3: Specific actionable advice

Recommendations for Defenders:

  • Defense Action 1: Specific actionable advice
  • Defense Action 2: Specific actionable advice
  • Defense Action 3: Specific actionable advice

Future Considerations:

[Discuss emerging trends, evolving attack techniques, or upcoming defenses related to this topic]

Next Steps:

  • Chapter [X+1]: [Related topic to explore next]
  • Chapter [Y]: [Additional related chapter]
  • Practice: Set up lab environment and test these techniques (Chapter 7)

Pre-Engagement Checklist

Administrative:

  • Obtain written authorization from client
  • Review and sign statement of work (SOW)
  • Establish rules of engagement
  • Define scope boundaries (systems, techniques, timeframe)
  • Set up secure communication channels
  • Prepare incident response procedures

Technical Preparation:

  • Set up isolated test environment (see Chapter 7)
  • Install required tools and dependencies
  • Configure monitoring and logging
  • Document baseline system behavior
  • Prepare evidence collection methods
  • Test backup and rollback procedures

[Chapter-Specific Items]:

  • [Specific preparation item 1]
  • [Specific preparation item 2]
  • [Specific preparation item 3]

Post-Engagement Checklist

Documentation:

  • Document all findings with evidence
  • Capture screenshots and logs
  • Record timestamps for all activities
  • Note any anomalies or unexpected behaviors
  • Prepare detailed technical report

Cleanup:

  • Remove or remediate test artifacts
  • Verify no persistent changes remain
  • Restore systems to baseline state
  • Securely delete temporary files
  • Clear test accounts and credentials

Reporting:

  • Deliver comprehensive findings report
  • Present results to stakeholders
  • Provide remediation recommendations
  • Offer follow-up support for fixes
  • Schedule re-testing after remediation

[Chapter-Specific Items]:

  • [Specific cleanup item 1]
  • [Specific cleanup item 2]
  • [Specific cleanup item 3]