In this article, you’ll discover the essentials of OffSec KAI and OffSec KAI LE, including an overview of their features, who can access them, and a guide to leveraging their capabilities for optimal results.
- OffSec KAI Overview
- KAI Functionalities and Limitations
- Engaging with KAI
- Security and Data Privacy with KAI
OffSec KAI Overview
What does OffSec KAI stand for?
OffSec Knowledge Artificial Intelligence
What is OffSec KAI?
OffSec KAI is a sophisticated, AI-driven platform that offers personalized guidance, explanations, and recommendations to help learners excel in their course material. Initially developed for PEN-200 learners, KAI provides tailored support, adapting to the specific needs of each learner. Now, KAI has been extended to Learn Enterprise (LE) learners with the introduction of OffSec KAI LE, an enhanced version available exclusively for LE users, offering an expanded range of assistance across all OffSec learning modules.
KAI is designed to act as an intelligent learning assistant.
- For PEN-200 learners, it offers customized insights into course topics, techniques, and capstone exercises.
- KAI LE extends these capabilities, offering enterprise users comprehensive support across various topics, tools, and learning paths within OffSec’s curriculum.
While KAI enhances understanding with personalized explanations, it’s important to see it as a supplementary resource—not a substitute for human mentorship. KAI is meant to complement your learning, helping you navigate complex concepts while promoting independent problem-solving and mastery of the material.
What are the Key Differences Between OffSec KAI and OffSec KAI LE?
- OffSec KAI for active PEN-200 learners:
  OffSec KAI offers personalized guidance specific to the PEN-200 course, helping learners with course content, techniques, and capstone exercises as they prepare for the OSCP certification. It provides focused assistance for those enrolled in PEN-200.
- OffSec KAI LE for active Learn Enterprise (LE) learners:
  OffSec KAI LE is an extended version of KAI, available exclusively to Learn Enterprise learners. It offers support across all learning modules in the OffSec Learning Library, delivering personalized explanations on a broader range of topics, tools, and techniques. This version is designed to meet the diverse learning needs of enterprise users.
KAI Functionalities and Limitations
Who can use KAI?
- OffSec KAI is accessible to learners with an active PEN-200 course, through:
  - Learn Enterprise
  - Learn Unlimited
  - Learn One
  - Course & Cert Exam Bundle
- OffSec KAI LE is accessible to learners with an active Learn Enterprise subscription only. It extends beyond PEN-200, covering all OffSec learning modules, making it ideal for enterprise learners who require support across a wide range of content.
How can I access KAI?
- OffSec KAI for the PEN-200 course is available through the OffSec Learning Library (OLL). You’ll find KAI on the right navigation bar within the PEN-200 learning modules.
- OffSec KAI LE is available to Learn Enterprise learners. You can access it via the left navigation bar in the OffSec Learning Library, where it provides assistance for all learning modules.
What types of inquiries can KAI support?
For PEN-200 learners:
KAI currently supports inquiries based on the OffSec PEN-200 course learning modules and module capstone exercises. Prompts (questions) related to challenge labs are not supported in this release. However, if you have questions related to course topics, concepts, techniques, or capstone exercises, KAI is equipped to assist you. The more detailed and specific your prompt (question), the better KAI can understand and respond to your inquiry.
Here are two main approaches for interacting with KAI, along with example prompts:
1. Asking Questions Related to Topics, Concepts, and Techniques
These types of questions can help clarify specific areas of learning. Example prompts include:
- What is the difference between active and passive information gathering?
- What is nmap? Can you show me some examples?
- In the "Automating the Attack" learning objective - is it possible to pass the url and POST parameter directly to sqlmap rather than having to intercept the request in burp, saving it and then passing to sqlmap?
2. Asking Questions to Guide and Mentor Module Capstone Exercises
When seeking guidance on capstone exercises, ensure you copy and paste the exact questions from the course learning module. This helps KAI recognize you are referring to capstone exercises and allows it to better guide your efforts.
For example:
- I need help with “Capstone Exercise: Use the methods and techniques from this Module to enumerate VM Group 1. Get access to both machines and find the flag. Once the VM Group is deployed, please wait two more minutes for one of the web applications to be fully initialized.”
- Please help me with “Capstone Exercise: Use the methods and techniques from this Module to enumerate VM Group 1. Get access to both machines and find the flag. Once the VM Group is deployed, please wait two more minutes for one of the web applications to be fully initialized”
Watch this video for a walkthrough on how to effectively ask KAI about your capstone exercises.
For Learn Enterprise (LE) learners:
KAI LE currently supports inquiries based on all the OffSec course learning modules. Prompts (questions) related to exercises and labs are not supported in this release. However, if you have questions related to course topics, concepts, or techniques, KAI LE is equipped to assist you. The more detailed and specific your prompt (question), the better KAI can understand and respond to your inquiry.
Here are some approaches for interacting with KAI LE, along with example prompts:
Prompt structure
Acting as a [Role]
Perform/Create/Develop/Automate/Provide [Task]
In [Format]
ATTACK
- MSSQL Server Enumeration
  Acting as a Penetration Tester, automate MSSQL server discovery and basic enumeration in a PowerShell script.
- WinDbg Basics Introduction
  Acting as an Exploit Developer, complete setup and initial use of WinDbg for Windows binary analysis in a bulleted list of steps.
- Kiosk System Exploitation Learning
  Acting as a Red Team Member, perform research on kiosk breakout techniques in a summary of key attack vectors.
DEFEND
- Lateral Movement Detection
  Acting as a SOC Analyst, create a basic Splunk alert for lateral movement in an SPL query with brief explanations.
- Brute Force Attack Detection
  Acting as a Threat Hunter, develop an Elastic SIEM rule for detecting brute force attacks on Windows in KQL syntax.
- Basic Firewall Configuration
  Acting as a Network Security Administrator, perform configuration of a simple firewall rule to restrict SSH access in iptables firewall rule syntax.
BUILD
- Active Directory Certificate Services Hardening
  Acting as a Windows System Administrator, perform security hardening of Active Directory Certificate Services in a detailed configuration checklist.
- Secure DevOps Practices
  Acting as a DevOps Engineer, provide steps for integrating security practices in the development lifecycle in a checklist of essential requirements.
- Linux Server Security Setup
  Acting as a Systems Administrator, perform security hardening of a new Linux server in a categorized checklist.
What KAI can't currently support
KAI, including KAI LE, is not designed to answer generic or non-OffSec material-related questions. For example, if you ask, “Who is Gandalf the Grey?” KAI will not provide an accurate response as it focuses solely on OffSec’s course material.
How accurate is KAI?
KAI is continuously improving, but it may occasionally provide inaccurate responses, also known as "hallucinations." OffSec closely monitors KAI’s performance to improve its accuracy over time. If you encounter an issue, you can provide feedback to help us enhance KAI.
- PEN-200 learners can report inaccuracies by using the thumbs-down icon or contacting the OffSec Student Success team at help@offsec.com.
- OffSec KAI LE users can reach out to their Enterprise Customer Service (ECS) representative for support and feedback.
Your feedback is valuable in helping improve KAI's effectiveness and reliability. We will make KAI better together.
Engaging with KAI
What are the recommended best practices for effective KAI interaction?
To ensure optimal interaction with KAI, follow these best practices:
- Be Specific and Clear: Provide detailed information about your query. Instead of asking a vague question, be precise about what you need help with.
- Mention Context and Background: Include the specific learning objective and module(s) you are referencing. This helps KAI provide a more accurate answer. The more specific, the better.
- State What You’ve Tried: Share the steps you’ve already taken and any methods you’ve tried. This avoids redundant suggestions and helps KAI understand your current progress.
- Use Correct Technical Terms: Use the correct terminology related to the PEN-200 material to ensure your question is accurately understood.
- Ask One Question at a Time: Focus on a single issue per prompt (question). This ensures you get a precise and focused answer, and will help avoid “hallucinations”.
- Be Patient and Follow Up: Allow KAI time to respond. If the answer isn’t sufficient, provide more details or rephrase your question.
What should I do if KAI doesn’t address my inquiry?
- OffSec KAI users: If KAI doesn’t resolve your question, you can reach out to the OffSec Discord Server in the PEN-200 channels or email help@offsec.com for further assistance.
- OffSec KAI LE users: If KAI LE fails to address your inquiry, you can contact your ECS representative or use the feedback options provided in the chat interface.
Can I provide feedback about my experience with KAI?
Absolutely! Your feedback helps us improve KAI’s accuracy and overall effectiveness. Feedback can be submitted through the Thumbs Up or Thumbs Down options in the chat interface.
For OffSec KAI LE users, you can also include a brief explanation with your feedback or share it directly with your ECS representative. Your input plays a vital role in improving KAI, enhancing learner satisfaction, and refining the overall experience. OffSec is committed to using your feedback to continually enhance its products and services. Let’s work together to make KAI even better!
Can I use KAI during my OSCP exam?
No, KAI (including KAI LE) is not allowed during the OSCP exam or during the report write-up phase. KAI will adhere to the OffSec Academic Policy, where hints and guidance are not allowed.
Does KAI Provide Accurate Pricing and Policy Information?
KAI may occasionally provide inaccurate responses (or “hallucinations”). For accurate and current pricing details, please refer to the prices displayed on the OffSec website.
Any policy suggestions must be validated by visiting the OffSec Help Center or contacting orders@offsec.com prior to being honored by OffSec.
Learn Enterprise learners should consult their ECS representative to confirm pricing and policy-related answers provided by KAI LE.
Security and Data Privacy with KAI
Is my interaction with KAI secure?
Yes, interactions with KAI are secure and conducted in accordance with OffSec’s security practices. That said, it is a security best practice to refrain from unnecessarily sharing any personally identifiable information (PII).
Does KAI have access to my personal information?
Please do not put personal data or sensitive information into KAI.
KAI cannot access or retrieve specific learner information such as your identity, subscription type, course and lab access, and exam history. KAI’s functionality is limited to providing information and assistance that does not require access to personal or sensitive learner data.
What privacy terms govern my interactions with KAI?
OffSec’s privacy statement, set forth at https://www.offsec.com/legal-docs/#privacy-policy, governs OffSec’s processing of personally identifiable information (PII) overall, including any PII a learner inadvertently submits into KAI.