# reconnaissance
24 articlestagged with “reconnaissance”
Recon & Fingerprinting Assessment
Test your knowledge of AI system reconnaissance, model fingerprinting, architecture enumeration, and information gathering techniques with 8 beginner-level questions.
Skill Verification: Reconnaissance
Timed skill verification lab: profile an unknown AI system in 20 minutes by identifying the model, extracting configuration, and mapping capabilities.
Behavioral Fingerprinting Tool
Building tools that fingerprint model behavior through systematic probing to identify specific models, versions, and configurations behind APIs.
Lab: Mapping an AI System's Attack Surface
Hands-on lab walking through reconnaissance of an AI system — identifying components, mapping data flows, enumerating tools, and documenting the attack surface.
Attacking Experiment Tracking Systems
Techniques for exploiting experiment tracking platforms like MLflow, Weights & Biases, Neptune, and CometML, including data exfiltration, metric manipulation, experiment injection, and leveraging tracking metadata for reconnaissance.
Identifying LLM Defenses
Map the defensive layers of an LLM application through systematic probing and error analysis.
Lab: Error Message Analysis for Recon
Analyze LLM application error messages to extract information about system architecture, models, and defensive layers.
Lab: System Prompt Extraction
Hands-on techniques for extracting hidden system prompts from LLM-powered applications using direct asking, role-play, instruction replay, and other methods.
Lab: System Prompt Reconstruction
Use various techniques to systematically extract and reconstruct the full system prompt of an LLM application, combining direct, indirect, and incremental extraction methods.
Analyzing Refusal Messages for Intel
Extract useful information about model configuration and guardrails by systematically analyzing refusal messages.
Experiment Metadata Leakage
How experiment metadata reveals sensitive information: hyperparameters exposing architecture secrets, loss curves revealing training data properties, run names and tags disclosing project intent, and techniques for extracting intelligence from ML experiment logs.
AI API Enumeration
Discovering AI API endpoints, parameters, model configurations, and undocumented features through systematic enumeration techniques.
LLM API Enumeration
Advanced techniques for enumerating LLM API capabilities, restrictions, hidden parameters, and undocumented features to build a comprehensive attack surface map.
Model Identification Techniques
Fingerprinting models behind APIs using behavioral signatures, output analysis, and systematic probing to determine model family, size, and version.
OSINT for AI Red Teaming
Gathering intelligence about AI deployments from public sources: documentation, job postings, research papers, social media, and technical artifacts.
AI API Reverse Engineering
Techniques for reverse engineering AI APIs including mapping undocumented endpoints, parameter discovery, rate limit profiling, and extracting implementation details from API behavior.
Advanced Reconnaissance for AI Targets
Fingerprinting LLM providers, API reverse engineering, infrastructure detection, and shadow AI discovery for red team engagements.
AI Red Team Reconnaissance
Reconnaissance techniques for mapping AI system architecture, models, and defense configurations.
Defense Mapping Methodology
Methodologies for systematically identifying and mapping the defensive controls protecting a target AI system before launching attacks.
Tradecraft
Advanced AI red team tradecraft covering reconnaissance techniques, AI-specific threat modeling, and structured engagement methodology for professional adversarial assessments.
Model Enumeration Techniques
Systematic techniques for identifying specific models, versions, and configurations behind API endpoints through behavioral analysis and probing.
Target Profiling for AI Systems
Building comprehensive profiles of target AI systems including architecture, capabilities, defenses, and known weaknesses before engagement.
Mapping the Attack Surface of AI Systems
Systematic walkthrough for identifying and mapping every attack surface in an AI system, from user inputs through model inference to output delivery and tool integrations.
Reconnaissance Workflow
Systematic reconnaissance workflow for AI red team engagements: system prompt extraction, model identification, capability mapping, API enumeration, and documenting the attack surface.