We’re excited that Bishop Fox Security Consultant Wes Wright will be speaking at this year’s BSides SATX 2025. His talk will dig into real-world offensive security challenges and lessons learned from the field.

If you’re attending, keep an eye on the schedule and make time to catch Wes’s session and the Bishop Fox team. BSides SATX has always been about learning from each other, and we’re glad to be part of the conversation again.

"Offensive by Design: GenAI and Docker for the Lazy Hacker"

The goal of this talk is to demonstrate a practical, real-world integration of Generative AI into offensive security operations. This talk focuses on improving workflow automation for red teamers, pen-testers, and hybrid operators through structured co-development with GenAI. It also includes humorous stories of the headaches experienced along the way.

The journey began with a common pain point: Every new client engagement required repetitive setup work. Tools needed to be installed, environments needed isolation, and notes had to be templated. Old workflows with virtual machines and snapshots were cumbersome and became bloated. So I asked myself, “What if GenAI could do 90% of this for me?”

Using ChatGPT as a collaborative development assistant, I created a CLI utility (pipx-installable) that dynamically generates pentest-ready Docker Compose environments based on test type (network, mobile, or cloud). Each environment includes context-specific tools installed automatically, with persistent workspace mounts and support for custom client identifiers. The tool creates a folder structure, .env config, and even a Markdown notes file, all structured around common pen-test needs.

Through this iterative process, I leveraged GenAI not only to generate code but also to identify logic flaws, refactor large modules, track context across sessions, maintain consistency in packaging, deployment, and testing, and bash many, many bugs.

Topics covered will include:

• Structuring GenAI prompts for infrastructure-as-code use cases
• Building a reliable development loop with LLM feedback
• Designing test environments for structured notes and artifacts
• Using Docker Compose as a universal baseline for offensive security environments
• Common pitfalls when treating GenAI like a human developer
• How to version, distribute, and maintain a pipx-compatible CLI tool

Attendees will walk away with a deeper appreciation for how GenAI can streamline non-exploit tasks, not as a replacement for human creativity, but as an augmentation. I will demo portions of the tool live and share access to a public repo so attendees can adapt the concepts for their teams.

Register here.