Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Prompt Engineering for Threat Intelligence

Prompt Engineering for Threat Intelligence

This talk was presented at Bsides Melbourne and Hack Sydney in 2023

Thomas Roccia

March 24, 2024

More Decks by Thomas Roccia

Other Decks in Technology


  1. Sr. Security Researcher at Microsoft Author of Visual Threat Intelligence

    https://SecurityBreak.io & https://unprotect.it @Fr0gger_
  2. Challenges in Threat Intelligence Introduction to Prompt Engineering Techniques &

    Common Pitfalls Case Studies & Practical Applications (with code examples) Future Insights
  3. Prompt Engineering is the the discipline and science of crafting

    effective prompts to guide AI models, especially LLMs, to desired outputs.
  4. Clarity: Clearly define the task you want the model to

    perform. Specificity: Be as detailed as necessary to avoid ambiguous results. Iteration: Continuously refine prompts based on AI feedback.
  5. Over-complexity: Avoid making prompts overly detailed. Ambiguity: Vague prompts can

    lead to generic responses. Blind Trust in the Model: Over-reliance on the model's capabilities without verification. No Examples: not providing example inputs and outputs. Misplaced Belief in Model's Understanding: Assuming the model can intuitively understand your meaning. Ignoring Obsolescence: Failing to update prompts in line with model updates or changes in data.
  6. Precision and specificity Close ended question You are a threat

    intelligence analyst, analyze the provided data to identify MITRE ATT&CK techniques, and present in Markdown with columns for ID, Description, and Comments. Here are my data: <data> Role Definition / Contextual Awareness Clear Objectives Iterative refinement
  7. Self-Consistency Generate Knowledge Tree of Thoughts ReAct Graph Prompting Role

    Prompting Zero-shot Prompting Few-shot Prompting Directional Stimulus Prompting
  8. What is Few-Shot prompting? Guides ML models using example prompts

    for task understanding. Zero-Shot vs Few-Shot Zero-Shot: No example prompts. Few-Shot: Uses example prompts for clarity. Why Use Few-Shot Prompting? Enhances task-specific accuracy. Ideal for complex or nuanced tasks.
  9. RAG is a technique used to combine retrieval-based and generative

    models Two Phases: Retrieval & Generation Retrieval: Searches Database Generation: Context-Relevant Response Customize with Your Own Data! Prepare your data Tokenization Split in smaller Chunks Embeddings and Vector Model is ready for input
  10. What is ReAct? A logic framework for creating intelligent agents.

    Allows agents to perform complex tasks through a series of actions. Core Components Reason: The agent's thought process to decide the next action. Act: The actual action taken by the agent based on reasoning. How Does It Work? Action → Observation → Thought Cycle The agent performs an action. Observes the result. Thinks (Reasons) about the next step. https://peterroelants.github.io/posts/react-repl-agent/
  11. AI in Threat Intelligence Generative AI can address challenges in

    threat intelligence. Crafting the right prompt The importance of clearly defining objectives in prompt engineering. Mastering Techniques Understanding various methods like Few-Shot Learning, RAG, ReAct, etc.