Mastering Gen AI for SOC

Commercial Gen AI Platforms

• LMArena

• ChatGPT

• Claude

• Gemini

• Copilot

• Mistral AI

• Meta AI

• Perplexity AI

• DeepSeek

• StableDiffusionWeb

• Openart

• Grok

• Llama

• Skywork

• Kimi

• ChatPDF

• Fix Text with AI

• Pi, your personal AI

• Cluely

• Aichief

HuggingFace

• Spaces

• Face Swap

• ElevenLabs

Malicious AI Models

• Xxxgpt.org

• Wormgpt.net

• Fraudgpt.org

• WormGPT | FlowGPT

• Racoon

Malware Analysis

• Malware Analysis

• SSL Expiry Alert with SSL-Checker.io

PCAP Analysis

• Wireshark

• Investigation.pcap

• BF

• Wireshark Tutorial: Exporting Objects from Pcap

Gen AI Prompts and Training

How To Prompt

People think learning AI is hard. It’s not.

I found 9 guides so you don’t have to:

1. How to AI - how-to-prompt.ai
Perfect for non-technical people to master AI.

2. OpenAI Academy -https://academy.openai.com/
The official academy of ChatGPT & OpenAI.

3. Anthropic Academy - https://lnkd.in/dNUwJR_Q
The official academy of Anthropic.

4. Gemini prompting guide - https://lnkd.in/gbmYrKJB
The best prompt guide, straight from Google.

5. Write a thesis with AI - https://lnkd.in/dY8H7UDK
To learn how to write a thesis in 40 minutes.

6. Deepdive into LLMs - https://lnkd.in/d2eAsrsa
If you have 3 hours, → an absolute goldmine.

7. Claude from A to Z - https://lnkd.in/dJGkd68m
The official guide for Claude, from Claude's team.

8. Guide to AI agent - https://lnkd.in/d_e2FP2u
OpenAI made this (somehow) unknown guide.

9. Prompting 101 by Anthropic - https://lnkd.in/dFTzCQGQ
An entire course on how to prompt Claude.

Recommendation for SOC Training

Start with DamnVulnerableLLMProject to let your team safely explore prompt vulnerabilities in a controlled, hands-on environment.
Progress to Gandalf to experience more interactive challenge dynamics and adaptive model defenses.
Incorporate PurpleLlama / CyberSecEval 2 for structured evaluation and benchmarking of your models’ resilience.
Use HackAPrompt resources to educate your SOC on prompt security theory and best practices.
Include Multi-Chain challenge if your systems rely on multi-step LLM workflows—this highlights complex threat surfaces you should understand.

PCAP Analysis Prompt

I am a SOC Analyst, and I've been tasked with analyzing a PCAP file that potentially contains suspicious network traffic. I need your help to perform a detailed analysis of the attached PCAP file and generate a comprehensive summary report for the SOC Manager. Please follow these steps and include the requested details:

Analyze the Attached PCAP File:
Extract the relevant metadata from the PCAP file (e.g., source IP, destination IP, ports, protocols). Identify any unusual or suspicious traffic patterns that could indicate malicious behavior. Look for known attack signatures, such as DDoS patterns, data exfiltration attempts, command-and-control communications, etc. Provide a timeline of events, if possible, based on the traffic patterns in the PCAP.

Threat Identification:
Identify any potential threats, categorizing them as high, medium, or low severity. Include details on the specific type of threat (e.g., botnet activity, malware communication, reconnaissance attempts). If any threats are identified, provide possible attack vectors and any relevant context (e.g., specific protocol anomalies, abnormal data flows).

Recommendations for Mitigation:
Based on your analysis, recommend steps that the SOC team should take to mitigate the identified threats. Suggest any additional tools or techniques that could be employed to investigate further or prevent similar attacks.

Summary Report for SOC Manager:
Prepare a concise summary report highlighting the key findings from the analysis. Include the following sections: Introduction: Brief overview of the PCAP analysis. Key Findings: Key findings from the traffic analysis (e.g., suspicious IP addresses, unusual traffic patterns). Identified Threats: Summary of any identified threats, categorized by severity. Recommendations: Recommended actions for the SOC team to take next. The report should be formatted clearly and should be easy for a non-technical manager to understand while also providing the technical details needed for further investigation.

Gen AI Models Used or Marketed for Malicious Activity

WormGPT

• Dark web–promoted model (2023).

• Marketed as a “jailbreaked” alternative to ChatGPT for writing phishing emails and malware.

• Example use case attackers claimed: business email compromise (BEC).

• Researchers flagged it as basically a re-skinned large language model without guardrails.

FraudGPT

• Another underground “offensive AI” tool.

• Marketed as capable of generating phishing kits, carding tutorials, and fake IDs.

• Likely a rebranded open-source model with unsafe prompts.

DarkBERT / DarkGPT (misused versions)

• Originally built by researchers to study darknet data.

• Some threat actors falsely claim to use “DarkGPT” as a hacking assistant.

• In reality, many are scams, but still part of attacker chatter.

Evil-GPT

• A supposed malicious chatbot service.

• Promoted as an “unfiltered ChatGPT for hackers.”

• Often bundled with malware forums to trick buyers.

HackGPT

• Underground model advertised as helping with exploit code and evasion.

• Likely another case of reskinned LLMs with safety filters disabled.

WolfGPT

• Cited in some dark web forums.

• Claimed to provide assistance with malware obfuscation and attack scripts.

• Very likely a scam or low-quality rebrand.

AnonGPT

• Promoted as “privacy-preserving” AI for cybercriminals.

• Marketed on Telegram groups tied to fraud.

• Security researchers view it as unreliable.

BadGPT

• Underground service claiming to generate spearphishing content and ransomware notes.

• Most often used as “AI as a Service” on Telegram/Discord.

BlackHatGPT

• Another “jailbroken AI” branding, usually advertised alongside carding shops.

• Unclear if it’s real or mostly scammy marketing.

• Private fine-tuned open-source models

• Many threat actors just download LLaMA, GPT-J, or other open models and fine-tune them with malicious data (e.g., phishing templates, malware code).

This is often more dangerous than “GPT clones” sold on forums, because it’s harder to track.