AI Prompting Pro Guide

Master the art of AI prompting with best practices, workflow optimization, context management, and cybersecurity-specific techniques.

Core Prompting Principles

The 4 C’s Framework

# Clear - Be specific and unambiguous
❌ "Write a script"
✅ "Write a Python script that scans for open ports on a target IP"

# Concise - Avoid unnecessary words
❌ "Please create a very detailed and comprehensive script"
✅ "Create a script that..."

# Contextual - Provide relevant background
❌ "Fix this code"
✅ "Fix this Python function that handles user authentication"

# Complete - Include all necessary details
❌ "Make it secure"
✅ "Implement input validation, parameterized queries, and error handling"

Role-Based Prompting

# Define the AI's role
"You are a senior cybersecurity expert with 15 years of experience in penetration testing."

# Specify expertise level
"You are a Python developer specializing in automation and security tools."

# Set expectations
"Provide code that follows OWASP guidelines and includes detailed comments."

Advanced Prompting Techniques

Chain-of-Thought Prompting

# Break complex tasks into steps
"Let's solve this step by step:
1. First, analyze the security requirements
2. Then, design the architecture
3. Finally, implement the solution"

# Ask for reasoning
"Explain your thought process as you write this code."

Few-Shot Learning

# Provide examples
"Here are examples of good prompts:
- 'Create a Python script that scans ports 80,443,8080'
- 'Write a bash script to check system logs'

Now create a similar script for..."

# Show input-output pairs
"Input: 'scan network'
Output: 'nmap -sn 192.168.1.0/24'

Input: 'check logs'
Output: 'tail -f /var/log/auth.log'"

Context Window Optimization

Managing Long Contexts

# Use summaries for long documents
"Summarize this 1000-line code file in 3 bullet points, then suggest improvements."

# Break large tasks
"Instead of analyzing the entire codebase, focus on the authentication module first."

# Use references
"Reference the security guidelines from the previous conversation when writing this script."

Context Hierarchy

# Most important information first
"CRITICAL: This is for production use. Security is paramount.
Background: We need a port scanner
Requirements: Must be stealthy and configurable"

# Use headers for organization
"## Security Requirements
## Technical Specifications  
## Implementation Details"

Workflow Optimization

Iterative Refinement

# Start broad, then refine
"1. Give me a basic port scanner
2. Now add stealth capabilities
3. Add configuration options
4. Include error handling
5. Add logging and monitoring"

# Progressive enhancement
"First, create a simple version. Then, we'll add features one by one."

Change Management

# Specific change requests
"Modify the port scanner to:
- Add timeout parameter (default: 5 seconds)
- Include service detection
- Output results in JSON format"

# Version control approach
"Create version 2.0 of the script with these improvements..."

Quality Assurance Prompts

# Code review requests
"Review this code for:
- Security vulnerabilities
- Performance issues
- Best practices
- Error handling"

# Testing prompts
"Create unit tests for this function"
"Generate test cases for edge cases"

Cybersecurity-Specific Prompting

Security Tool Development

# Penetration testing tools
"Create a Python script for:
- Target: Web applications
- Purpose: SQL injection testing
- Requirements: Stealth mode, configurable payloads, detailed reporting
- Safety: Include warnings and responsible disclosure notes"

# Network reconnaissance
"Write a bash script that:
- Scans for common services
- Identifies potential vulnerabilities
- Generates a security report
- Uses non-intrusive methods"

Payload Generation

# SQL Injection payloads
"Generate SQL injection payloads for:
- Authentication bypass
- Data extraction
- Error-based detection
- Time-based blind injection

Include explanations for each payload."

# XSS payloads
"Create XSS payloads that:
- Bypass common filters
- Work in different contexts
- Include event handlers
- Demonstrate various attack vectors"

Exploit Development

# Buffer overflow
"Write a buffer overflow exploit for:
- Target: Linux x86 application
- Vulnerability: Stack-based overflow
- Goal: Remote code execution
- Requirements: Include shellcode and explanation"

# Web application exploits
"Develop a CSRF exploit that:
- Targets the admin panel
- Uses JavaScript injection
- Includes token bypass techniques
- Provides proof-of-concept code"

Context Management Strategies

Memory Optimization

# Use summaries
"Summarize our conversation so far in 3 key points."

# Reference previous work
"Using the port scanner from earlier, add these features..."

# Clear context when switching topics
"Let's start fresh with a new topic: web application security."

Context Switching

# Save important information
"Remember these key points for later:
- Target system: Linux
- Security level: High
- Compliance: PCI DSS"

# Restore context
"Resume work on the port scanner with these saved parameters..."

Multi-Project Management

# Project separation
"Project A: Network scanner
Project B: Web application tester
Project C: Report generator

Let's work on Project A now."

Best Practices for Different AI Models

GPT-4 Specific

# Leverage reasoning capabilities
"Think through this step by step and explain your reasoning."

# Use system messages effectively
"System: You are a cybersecurity expert. Always prioritize security and include warnings."

# Utilize function calling
"Extract the IP addresses from this text and format them as a list."

Claude Specific

# Use detailed explanations
"Provide a detailed analysis with pros and cons for each approach."

# Leverage code understanding
"Analyze this code for security vulnerabilities and suggest improvements."

# Use structured output
"Format your response as:
- Summary
- Technical Details
- Security Considerations
- Recommendations"

Code-Specific Models

# For GitHub Copilot
"Write a function that..."
"Complete this code..."
"Add error handling to..."

# For specialized coding AIs
"Optimize this algorithm for performance"
"Refactor this code for better maintainability"

Prompt Engineering for Security

Ethical Considerations

# Include safety disclaimers
"IMPORTANT: This is for educational purposes only. Use responsibly and legally."

# Add responsible disclosure
"Include warnings about proper authorization and responsible disclosure."

# Emphasize legal compliance
"Ensure all code follows applicable laws and regulations."

Security-First Prompting

# Security requirements
"Prioritize security in this order:
1. Input validation
2. Authentication
3. Authorization
4. Data protection
5. Error handling"

# Compliance considerations
"Ensure this code meets:
- OWASP guidelines
- Industry best practices
- Relevant compliance standards"

Advanced Techniques

Prompt Chaining

# Multi-step process
"Step 1: Analyze the security requirements
Step 2: Design the architecture
Step 3: Implement the solution
Step 4: Add security controls
Step 5: Create tests"

# Conditional prompting
"If the target is a web application, focus on OWASP Top 10.
If it's a network tool, focus on stealth and efficiency."

Context-Aware Prompting

# Adapt to environment
"Since this is for a production environment, include:
- Comprehensive error handling
- Logging and monitoring
- Security controls
- Performance optimization"

# Consider constraints
"Given the limited resources, optimize for:
- Memory efficiency
- Processing speed
- Network bandwidth"

Troubleshooting Common Issues

When AI Doesn’t Understand

# Rephrase the request
"Instead of 'make it better', say 'optimize for performance and security'"

# Provide more context
"Add background information about the target system and requirements"

# Use examples
"Show me what you mean by providing a concrete example"

When Output is Incomplete

# Ask for specific parts
"Focus on the authentication module first, then we'll do the rest"

# Request step-by-step
"Break this down into smaller, manageable pieces"

# Use iterative approach
"Start with a basic version, then we'll enhance it"

When Code Doesn’t Work

# Debug prompts
"Add debugging statements to help identify the issue"

# Error analysis
"Analyze this error message and suggest fixes"

# Testing approach
"Create a minimal test case to reproduce the issue"

Performance Optimization

Prompt Efficiency

# Use clear structure
"## Requirements
## Implementation
## Testing
## Security"

# Avoid redundancy
"Don't repeat information that's already established"

# Use templates
"Create a template for similar tasks"

Output Quality

# Request specific formats
"Format the output as:
- Code block with syntax highlighting
- Explanation of key concepts
- Usage examples
- Security considerations"

# Quality checks
"Review your output for:
- Completeness
- Accuracy
- Security
- Best practices"

Pro Tips

Time-Saving Techniques

# Use templates
"Create a template for security tool development"

# Batch requests
"Generate multiple variations of this payload"

# Leverage AI strengths
"Use AI for repetitive tasks, focus on creative problem-solving"

Continuous Improvement

# Learn from interactions
"Analyze which prompts work best for different tasks"

# Refine over time
"Keep a log of effective prompts and their results"

# Share knowledge
"Document successful prompting strategies for the team"

Security-Specific Examples

Network Scanning

"Create a network scanner that:
- Uses nmap for port discovery
- Implements stealth scanning techniques
- Generates detailed reports
- Includes service fingerprinting
- Respects rate limits and legal boundaries

Include error handling and logging."

Web Application Testing

"Develop a web application security tester that:
- Tests for common vulnerabilities (SQLi, XSS, CSRF)
- Uses automated scanning techniques
- Generates detailed reports
- Includes proof-of-concept exploits
- Emphasizes responsible disclosure

Focus on OWASP Top 10 vulnerabilities."

Malware Analysis

"Create a malware analysis toolkit that:
- Performs static analysis
- Implements dynamic analysis techniques
- Generates behavioral reports
- Includes sandbox capabilities
- Follows security best practices

Ensure all tools are for defensive purposes only."

Best Practices Summary

1. Be Specific: Clear, unambiguous requirements
2. Use Structure: Organize prompts with headers and sections
3. Iterate: Start simple, then enhance
4. Context Matters: Provide relevant background information
5. Security First: Always prioritize security and ethical considerations
6. Test and Validate: Verify outputs and refine prompts
7. Document: Keep track of what works
8. Stay Legal: Ensure compliance with laws and regulations

---

Question loudly so others can learn quietly. Stay curious. Stay loud.

Don’t Be A Skid -Zero

Buy Me A Coffee @iamnotaskid