2025-06-21, Track 1 (UC Conf. Rm. A) (2nd Floor)
This talk will demonstrate a practical, real-world integration of Generative AI into offensive security operations, focusing on improving workflow automation for red teamers, pen-testers, and hybrid operators through structured co-development with GenAI. It also includes humorous stories of the headaches and many bugs experienced along the way. Attendees will walk away with a deeper appreciation for how GenAI can augment security professionals.
The goal of this talk is to demonstrate a practical, real-world integration of Generative AI into offensive security operations. This talk focuses on improving workflow automation for red teamers, pen-testers, and hybrid operators through structured co-development with GenAI. It also includes humorous stories of the headaches experienced along the way.
The journey began with a common pain point: Every new client engagement required repetitive setup work. Tools needed to be installed, environments needed isolation, and notes had to be templated. Old workflows with virtual machines and snapshots were cumbersome and became bloated. So I asked myself, “What if GenAI could do 90% of this for me?”
Using ChatGPT as a collaborative development assistant, I created a CLI utility (pipx-installable) that dynamically generates pentest-ready Docker Compose environments based on test type (network, mobile, or cloud). Each environment includes context-specific tools installed automatically, with persistent workspace mounts and support for custom client identifiers. The tool creates a folder structure, .env config, and even a Markdown notes file, all structured around common pen-test needs.
Through this iterative process, I leveraged GenAI not only to generate code but also to identify logic flaws, refactor large modules, track context across sessions, maintain consistency in packaging, deployment, and testing, and bash many, many bugs.
Topics covered will include:
- Structuring GenAI prompts for infrastructure-as-code use cases
- Building a reliable development loop with LLM feedback
- Designing test environments for structured notes and artifacts
- Using Docker Compose as a universal baseline for offensive security environments
- Common pitfalls when treating GenAI like a human developer
- How to version, distribute, and maintain a pipx-compatible CLI tool
Attendees will walk away with a deeper appreciation for how GenAI can streamline non-exploit tasks, not as a replacement for human creativity, but as an augmentation. I will demo portions of the tool live and share access to a public repo so attendees can adapt the concepts for their teams.
Wes Wright is a Senior Security Consultant at Bishop Fox and the founder of Hill Country Hacking. With over 10 years of experience in the cybersecurity industry, Wes has conducted offensive engagements against web and mobile applications, cloud infrastructure, and enterprise networks. He is also experienced in on-site and remote social engineering.
He holds a B.S. in Computer Engineering from Texas A&M University and is completing a Master of Science in Information Security Engineering from the SANS Institute of Technology. Wes also maintains 11 GIAC certifications, along with his CISSP and CompTIA A+.