Upgrade to Pro — share decks privately, control downloads, hide ads and more …

ChatGPT for Hacking

Anugrah SR
January 29, 2023
Technology
0
5.2k

ChatGPT for Hacking

Bug bounty and pentesting are crucial components of the cyber security landscape. These activities involve identifying and exploiting vulnerabilities in networks and systems in order to help improve their security. In recent years, a new tool has emerged that has the potential to greatly enhance the capabilities of bug bounty hunters and pentesters: ChatGPT.

Talk was part of Rootecstak

Anugrah SR

January 29, 2023
Tweet

More Decks by Anugrah SR

See All by Anugrah SR
Pentesting Password Reset Functionality
anugrahsr
0
780
IWCon2022: Biologist to Security consultant
anugrahsr
0
28
Hacking 101
anugrahsr
0
530
Playing With Password Reset Functionality
anugrahsr
2
4.7k

Other Decks in Technology

See All in Technology
カンファレンススタッフはいいぞ
muno92
PRO
1
140
AWS Lambda PHPのProduction利用を続ける僕がAWS App Runnerの可能性を探る
seike460
PRO
3
450
エンジニアのためのマネジメント入門/Introduction to Management for Software Engineers
dskst
1
370
QMファンネルとQAキャリア
gen519
PRO
1
270
シゴトをジモトに運び込め〜大企業でCCoEやってた私が地元に事業所を作るまで〜
mamohacy
2
140
Privacy Techによる新しいデータ活用の形
line_developers
PRO
1
230
安全にプロセスを停止するためにシグナル制御を学ぼう!
yamamotohiroya
0
260
Autonomous Database Cloud 技術詳細 / adb-s_technical_detail_jp
oracle4engineer
PRO
10
25k
べ、べつにアンタのことなんて 好きなんかじゃないんだからね! ねぇS3、アンタ聞いてんの!?
kentosuzuki
0
400
Cloudflare 基本のキ
katzueno
0
160
パブリッククラウド特有の脅威の向き合い方
lhazy
1
630
Oracle Cloud Infrastructure:2023年3月度サービス・アップデート
oracle4engineer
PRO
0
160

Featured

See All Featured
Stop Working from a Prison Cell
hatefulcrawdad
264
18k
Fashionably flexible responsive web design (full day workshop)
malarkey
396
64k
What’s in a name? Adding method to the madness
productmarketing
PRO
14
2k
Into the Great Unknown - MozCon
thekraken
5
390
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
227
16k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
349
27k
Designing on Purpose - Digital PM Summit 2013
jponch
108
5.9k
Building Better People: How to give real-time feedback that sticks.
wjessup
346
17k
ParisWeb 2013: Learning to Love: Crash Course in Emotional UX Design
dotmariusz
101
6.2k
Facilitating Awesome Meetings
lara
35
4.7k
Web Components: a chance to create the future
zenorocha
304
41k
JazzCon 2018 Closing Keynote - Leadership for the Reluctant Leader
reverentgeek
176
9.2k

Transcript

  1. CHATGPT FOR
    HACKING
    Unleashing the
    Power of
    ChatGPT for
    Bug Bounty and
    Penetration
    Testing
    -Anugrah SR
    Rootecstak

    View Slide

  2. TODAY'S
    AGENDA
    What is ChatGPT
    1
    Use cases in Hacking
    2
    Limitations
    3
    Prompts
    4

    View Slide

  3. > Anugrah SR
    Anugrah
    ChatGPT
    [email protected]:~#whoami
    > Cyber Security consultant at SecOps Group
    Independent Bugbounty Hunter
    Synack Red Team Member
    > Blogger, Speaker
    anugrahsr.in | p1boom.com
    > Find me here
    Twitter: @cyph3r_asr
    LinkedIn: anugrah-sr
    Web: anugrahsr.in

    View Slide

  4. Data is the new oil
    AGE OF AI What is AI
    AI stands for artificial intelligence, which refers
    to the simulation of human intelligence in
    machines that are programmed to think and
    learn like humans.
    Unmanned Drones
    Self driving cars
    Smart assistance
    Spam filters
    Robots
    Facial Recognition
    1
    Computing Power increased
    2
    Make life easy
    3

    View Slide

  5. View Slide

  6. The development of deep learning, a subfield of machine learning that uses neural
    networks with many layers to learn from and make predictions on data.
    This has led to significant improvements in areas such as image and speech
    recognition, natural language processing, and computer vision.
    Most notable advancements in AI

    View Slide

  7. Computer Vision
    https://thispersondoesnotexist.com/

    View Slide

  8. Image Generation

    View Slide

  9. Speech Recognition

    View Slide

  10. Focuses on the interaction between computers and human languages.
    The goal of NLP is to develop techniques that enable computers to understand,
    interpret, and generate human language.
    Natural Language Processing
    speech recognition
    machine translation
    sentiment analysis
    text summarization
    question answering.
    NLP techniques are used in a wide range of applications, such as
    These techniques are based on a combination of linguistics,
    computer science, and machine learning.

    View Slide

  11. Text tokenization: breaking a sentence or a text into words, phrases, or
    sentences.
    Part-of-speech tagging: identifying the grammatical role of words in a
    sentence.
    Named entity recognition: identifying and classifying named entities
    such as people, organizations, and locations in a text.
    Sentiment analysis: determining the attitude or emotion expressed in a
    text.
    Text summarization: creating a shorter version of a text that preserves its
    main ideas.
    Some of the most common NLP tasks include:
    Natural Language Processing

    View Slide

  12. WHAT IS
    CHATGPT-3
    Are You Ready?

    View Slide

  13. OPENAI
    ChatGPT-3 is a state-of-the-art language generation model developed by OpenAI.
    It was founded in 2015 by Elon Musk and others
    OpenAI is a research organization that aims to promote and develop friendly AI in a responsible way.

    View Slide

  14. CHATGPT-3
    GPT-3 is "Generative Pre-trained Transformer 3" . It is a language generation model
    developed by OpenAI, that uses deep learning techniques to generate human-like text.
    GPT-3
    Nov 30 2022 ChatGPT-3 was released and rest was history

    View Slide

  15. IT WAS VIRAL
    People started taking advantage of it and
    having fun with it

    View Slide

  16. View Slide

  17. Accessing ChatGPT
    https://chat.openai.com/

    View Slide

  18. Accessing ChatGPT
    https://chat.openai.com/

    View Slide

  19. Accessing ChatGPT
    https://chat.openai.com/chat

    View Slide

  20. https://chat.openai.com/chat

    View Slide

  21. Let's see how as hacker
    we can use it

    View Slide

  22. What is prompt
    A prompt is a piece of text that guides the GPT-3 model in generating relevant and coherent text. It sets the context
    and topic for the generated text and the quality of the generated text is highly dependent on the prompt provided.
    New job role: prompt engineer
    a prompt engineer is a person who is
    responsible for designing and creating
    prompts for a language generation model
    like GPT-3, with the goal of ensuring that
    the generated text is relevant, coherent,
    and of high quality.

    View Slide

  23. Before you use ChatGPT
    It is only as good as the data it has been trained
    on, so it may not be able to generate responses to
    prompts or situations that it has not seen before.
    Do not put your sensitive information prompt
    Always verify the information

    View Slide

  24. what are some prompt that
    a hacker can use?

    View Slide

  25. Are you looking for a mentor?
    how can I get started in cyber security?
    can you teach me what is an ssrf with example
    what are places to learn about bugbounty

    View Slide

  26. Help you write Reports
    write a pentest report for a sql finding at endpoint "http://testphp.vulnweb.com/search.php?test=test%27" with
    remediation, recommendation ,step to reproduce

    View Slide

  27. Help you write Emails

    View Slide

  28. Help you write Blog

    View Slide

  29. Help you write Automation Script

    View Slide

  30. Help you write your own CTF

    View Slide

  31. Help you write your own Burp Extension

    View Slide

  32. Make tools faster

    View Slide

  33. Help you write your own Burp Extension

    View Slide

  34. Help you write your own Nuclei template

    View Slide

  35. Help you write your own Browser
    Extension

    View Slide

  36. Help you find bugs in code

    View Slide

  37. View Slide

  38. View Slide

  39. Banning ChatGPT
    The primary objective of the OSCP exam is to
    evaluate your skills in identifying and exploiting
    vulnerabilities, not in automating the process.

    View Slide

  40. Will AI replace me?
    The short answer is NO
    But some who know how to use AI will

    View Slide

  41. https://anugrahsr.in/chatgpt-for-hacking/

    View Slide

  42. Thank you
    Twitter
    @cyph3r_asr
    LinkedIn
    @anugrah-sr
    www.anugrahsr.in
    Slides will be available here:

    View Slide