# api

Your First Claude API Call

設定 the Anthropic SDK and make your first Claude API call with 系統提示詞s and messages.

labsanthropicapibeginner

Your First LLM API Call with OpenAI

設定 your Python environment and make your first LLM API call to understand request/response patterns.

labsopenaiapibeginner

labsapiheadersanalysisbeginner

API Response Header 分析

分析HTTP response headers from LLM APIs to fingerprint providers,versions,middleware.

labsmodel-extractionapiexpert

Model Extraction via API Access

Extract a functionally equivalent model using only API query access.

intermediateabuselabpatternslabsapi

API Abuse Pattern 實驗室

Discover與exploit API abuse patterns,包括 parameter injection,header manipulation,endpoint confusion.

labsapifuzzingintermediate

API Parameter Fuzzing for LLMs

Systematically fuzz LLM API parameters to discover unexpected behaviors與bypasses.

fineintermediatetuninglablabsapi

微調 API 安全 Probing

Probe fine-tuning APIs for security weaknesses,包括 insufficient validation與unsafe default configurations.

labmodel-extractionstealingapi

實驗室: Basic 模型萃取

動手實驗室,主題為API-based 模型萃取 attacks,querying a target model to approximate its behavior,measuring fidelity,understanding query budgets.

apienumerationendpointsreconnaissancediscovery

AI API 列舉

透過系統性列舉技術發現 AI API 端點、參數、模型設定與未記錄的功能。

llmapienumerationreconnaissancecapabilitiesrestrictions

LLM API 列舉

列舉 LLM API 能力、限制、隱藏參數與未記錄功能的進階技術，以建立完整攻擊面圖。

referenceendpointreferencesapi

LLM API 端點參考

跨供應商 LLM API 端點的參考,附安全相關參數與選項。

referencesapisecurityreference

模型 API 安全參考

主要模型 API 的安全參考,包含認證、速率限制與安全功能。

apireverse-engineeringreconnaissanceendpointsrate-limiting

AI API Reverse Engineering

Techniques for reverse engineering AI APIs including mapping undocumented endpoints, parameter discovery, rate limit profiling, and extracting implementation details from API behavior.

reconnaissancefingerprintingosintllmapishadow-aitradecraft

針對 AI 目標的進階偵察

針對紅隊委任的 LLM 供應商指紋識別、API 逆向工程、基礎設施偵測，以及影子 AI 發掘。

walkthroughsapiabuse-chainsmulti-step

API 濫用鏈攻擊詳解

鏈接多個 API 呼叫以實現任何單次呼叫都無法允許的未授權行動。

進階

API 鏈式利用詳解

詳解代理系統中鏈接多個 API 呼叫以實現多步驟未授權行動的方法。

chainingattacksexploitationapiwalkthroughs

進階

API 速率限制繞過

繞過 LLM 服務 API 速率限制的技術，包括標頭操控、分散式請求、認證輪換和端點探測。

infrastructureapirate-limitingbypassred-teaming

infrastructureapiinferenceexploitationred-teaming

Inference Endpoint 利用ation

利用ing inference API endpoints for unauthorized access, data exfiltration, and service abuse through authentication flaws, input validation gaps, and misconfigured permissions.

進階

Model Extraction 攻擊詳解

Walkthrough of extracting model weights/behavior through systematic API querying.

walkthroughsmodel-extractionstealingapi

apiengagementauthenticationrate-limitinginput-validationmodel-fingerprintingwalkthrough

AI API 紅隊 Engagement

Complete walkthrough for testing AI APIs: endpoint enumeration, authentication bypass, rate limit evasion, input validation testing, output data leakage, and model fingerprinting through API behavior.