Week 1 maps the ADV-101 CVE-to-Tool methodology onto the LLM-era target. You produce the two-page mapping table that anchors the rest of the course and sets your expectations.
Reading
- Re-read ADV-101 Module 1 (CVE-to-Tool methodology) from your cohort archive.
- Stuttard and Pinto, WAHH, Chapter 8 intro (SSTI overview). Roughly fifteen pages.
- OWASP LLM Top 10 (current release), the LLM01 entry. Free.
- Skim the public page for ADV-102 at vca-adv-102.html.
Lecture
Roughly three hours across two sessions. Key arc:
- ADV-101 in one slide: classical CVE, full reproduction, defensible tool, coordinated-disclosure report. ADV-102 mirrors the shape.
- Why LangChain plus CVE-2025-65106 is the right anchor for the LLM era.
- What changed from ADV-101 to ADV-102. Different attack surface, same methodology.
- The two-page mapping-table format. Cohort archive examples on the projector.
- Forward pointer to Module 2: the LangChain architecture trace.
Lab pack
Lab Pack 1 produces the ADV-101 to ADV-102 mapping table. See Lab Pack 1.
Tools you will use
- Your existing ADV-101 cohort archive for the mapping-table template.
- A diagramming tool of your choice (the academy ships an ASCII template).
OWASP LLM and ASI anchor
CVE-2025-65106 is an instance of LLM01 Prompt Injection in the specific sense that the injection reaches a template renderer, not the model. The mapping table you produce this week makes that classification explicit.
Reflection prompts
- Name three structural similarities between an ADV-101 classical CVE and CVE-2025-65106.
- Name three structural differences.
- If you had to pick a different LLM-era CVE as the course anchor, which would you pick and why?
What is next
Module 2 opens the LangChain architecture. You stop talking about the CVE and start reading the framework code that hosts it.