ADV-102

Overview

• ADV-102 Course Outline
• ADV-102 Equipment and Setup Guide
• ADV-102 Capstone Specification
• ADV-102 Instructor Guide

Weekly modules

• Week 1: The CVE-to-Tool Methodology, Recapped from ADV-101
• Week 2: LangChain Architecture and the Templating Pipeline
• Week 3: Jinja2 SSTI, the Bug Class
• Week 4: CVE-2025-65106, the Specific Instance
• Week 5: The Patch and the Defender Lens
• Week 6: Building the Reproduction Tool (CVE Detector)
• Week 7: Cross-Language Generalisation (Gonja CVE-2025-9556)
• Week 8: Coordinated-Disclosure Discipline
• Week 9: Defensible Reproduction-Tool Deployment
• Week 10: Capstone Delivery

Labs

• Lab Pack 1: ADV-101 to ADV-102 Mapping Table (Week 1)
• Lab Pack 2: LangChain Templating Pipeline Trace (Week 2)
• Lab Pack 3: Generic Jinja2 SSTI in Flask (Week 3)
• Lab Pack 4: CVE-2025-65106 End-to-End Reproduction (Week 4)
• Lab Pack 5: Upstream Patch Diff and Defender Lens (Week 5)
• Lab Pack 6: CVE Detector Reproduction Tool (Week 6)
• Lab Pack 7: Gonja Go-Cousin Reproduction (Week 7)
• Lab Pack 8: Coordinated-Disclosure Timeline Walk (Week 8)
• Lab Pack 9: Tool Packaging and Private-Repo Publication (Week 9)
• Lab Pack 10: Capstone Delivery (Week 10)

Classroom tools and references

ADV-102 leans on the academy classroom for the OWASP taxonomy work and the pcap-tools wiretap surface for the Module 2 LangChain trace lab. The reproduction-tool work happens in your local Python environment with pinned LangChain.

• AI-101 classroom for the OWASP LLM Top 10 anchor you already studied.
• AI-201 classroom for the agentic-system pentesting context the capstone report draws on.
• ADV-101 classroom for the CVE-to-Tool methodology this course mirrors.
• mini-wireshark-cves unit for the classical-era CVE-to-Tool reproduction pattern.
• Pcap analyzer (cross-origin) for the Module 2 trace lab; the full-dissector wiregasm mode is opt-in.
• LLM and Agentic-System Security Vocabulary Reference, the course-companion handout.