How to use ChatGPT for Cybersecurity

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

how's it going everyone Cody Bernardi here with another YouTube video and in today's video we are talking about weaponizing chat GPT um I have yet to make a video on this Tool uh because I wanted to play around with it a little bit get to know it a little bit more and uh yeah this tool is pretty scary for security related purposes now I will over the next coming months or maybe weeks uh try to find some use cases for ocent uh haven't really found it yet because it it the tool itself does not analyze current information it really is only great for making code and all that at least in the use case that I have so anyways taking a look at on my screen right now this is chat GPT now the first thing that I have listed here as something that you can use it for is creating Google dorks now I've covered Google dorks a few times in the past um and uh we'll just do create a Google dork to search dot gov web sites for PDF CSV and XLS files now uh you will get this quite a bit it says the content may violate our content policy but basically it gave us this so sitegov which is not correct because we want to put a star in there so star.gov and then it searches file type PDF or CSV or XLS um so it it gives out that sort of information it's you can get really specific like I want to gather all the PDF files the Excel spreadsheets from this list right here you can have it make a python script where it can create unique um uh searches for like an inputted list so if I have a list of like 100 different websites I want to enumerate on Google you can have it create a python script for you which we'll get into scripting in a bit with chat GPT um but it could do that for you so Google dorks kind of easy stuff but it can do it for you next thing is provide commands and context into specific tools now it is a natural language processing GPT big words I don't really understand but it's something I think it can do and I've seen it do this with like Showdown and Greenways is if you train it enough to understand some information about a product it can actually tell you how to run certain things so let's say that I'm you know advanced persistent threat and I really want to Target like on our uninterruptable power supplies well what we could do is like we could go to APC UPS user guide and um we'll just come here so smart ups and we will look at like SSH if that is a possibility no SSH so we'll come back here and we'll do like SSH I don't know command line interface for EPS whatever so how to use the command interface boom boom boom and uh this is it so what we're going to do is we're gonna we're gonna try this out so we're gonna do user UPS Network management card two and we're going to type that into here so we'll do APC and this is live the APC Network management card allows you to Monitor and manage UPS via command line interface so help displays list available commands status current battery level events um and it's going to keep going on and these are certain these are things you can run once you have access to that UPS shutdown in a controlled manner reboot control allows you to remotely control the UPS including turning it on and off adjusting voltage and frequency firmware allows you to update the firmware of the UPS it's important to note these commands are for General use so like let's take a look at this so it's gonna it's it's gonna take the the previous contacts or conversations you've had with it it's like what are the arguments you can make for I don't know how to run that so like the firmware command is for the APC blah blah uh specific arguments in the command vary depending on the firmware but some common ones update um and I'm also doing this while not having access to any sort of UPS so I'm not having to test this in the real world like right here it's telling me like the firmware update uh is that firmware.bin activate status like you get the point so like it will assist you with specific products so you could go on Showdown and start looking for certain uh you know plcs or anything like that and then get a user guide and kind of you know have a very beginner level conversation with chatgpt and it will give you this sort of information now obviously I could probably find all this info in the user interface but the fact that I could just ask and it gives it to me is next level crazy and this is just like one example um so next up we will do analyze data logs so chat GPT will analyze information for you so we'll go to um let's go ahead and like let's go to my pie hole so we'll go to my pie hole real quick and I will have it just analyze its logs I don't know we'll see what we can do so we'll do pie hole Diagnostics uh tail pie hole log and let's see if we get anything here nothing here audit log nope okay so we will just copy all of this over and we'll have it tell us stuff I could also like log into ovh somewhere and maybe try this out so I'm just going to copy this like it's a bunch of information here and I'm just going to paste it and see what it tells me so this is a log file for the initial initially oh my God big word initialization process for a software called pie hole blah blah so it says the log file that has been running for four days 23 hours 20 minutes and then it goes to the you know blah blah blah so it could tell you you just input a a large stream of string of text to chat GPT and it can tell you all about it you could probably ask questions like how do I delete logs like how do I delete the above log to delete the log file displayed above you can use the following command and terminal well that doesn't help what's the maybe we can maybe we can ask it a little bit more specifically because it's just telling you to run or remove file so I'm going to ask it to in cats trying to get in here Leo so we'll go up here so generate debug log so path to debug log Pi hole and hit enter stop generating so we'll do that look at this like it's telling you like it's running a find and graphing xargs and all that so boom there you go there's the pathway to that that specific log right there okay next up this one I've actually had a ton of fun with is actually creating code um and doing code reviews so I've actually created a Pinger PS1 file a long time ago this is it right here this is meant to be a skid file but all I'm going to do is I'm gonna have it tell me what this particular process right here does so I'm gonna say let's tell me what this does so we are going to do this what does this do what does this do and we're just going to paste it in there and I know what it does it turns the volume up on your audio driver so it says Powershell uses NET Framework to control the audio volume on the system use the add type commandlet to define a c-sharp code block that uses the system runtime enter something namespace to interact with the Core Audio API and then it turns it up to 100 uh the last line sets audio volume to 0.1 uh I mean there you go like if you want to know What that particular piece of code does uh we can do this like we'll copy this whole thing over what does this do and uh does a few things first let's put some text which appears to be ASCII art of a skull no that's not what that is but so like and you could create this like it not only analyzes this for you but you could also have it create stuff for you so like uh create a Powershell script to SCP the current working directory to in to a remote system uh that might flag something conversation not found oh I actually might have triggered it sometimes if you have issues uh it will just like cut itself off okay here we go so copy item commandlet to copy files in the current working directory to remote system via SCP so username password remote server path to remote server so that's the credentials that you would have that is the IP address that you own that is the path on your system and then I'm not gonna try this out right now but in theory this PS1 file after a couple uh bits of sandboxing if you get errors which another a phenomenal thing about chat gbt is it actually will help you out with errors that you have so I'm not going to try this out in this video that might be my first patreon videos creating malware um I don't know if you want to call this malware or not but um stay tuned for that so just created some code for me cool um so let's say create a python script to enumerate the sub domains of a u take user input so you can also ask it to take in like user input it's probably going to use like requests yep and here we go import requests import regex enter in the domain name blah blah find all doing some regex for something I don't know where it's pulling from uh for some sub domain and subdomains Print Plus sub domain except so I don't know if that's going to actually pull subdomains or not let's see so that may or may not work I'm not gonna try that out but if you have issues take the error code that you get when you run it and then paste it back into here so anyways that is it for this video If y'all enjoy content like this please hit the Thumbs Up Button hit the Subscribe button with the Bell notification enabled so you get notified anytime I post a new video I actually have a video rendering right now you can see at the bottom of my screen Sony Vegas is pumping away at a like an hour long video um so once that's out I will edit this video and I'll continue to create content for uh chat gbt pertaining to osent so if you have ideas or anything like that please let me know down below but with that anyways that is it for this video y'all take care goodbye awesome foreign [Music] [Music] [Music]

Info

Channel: Cody Bernardy

Views: 5,827

Rating: undefined out of 5

Keywords: chatgpt, chat gpt, cybersecurity, infosec, cyber ai, ai, russian security, osint, osintion

Id: 2CongGM3IxM

Channel Id: undefined

Length: 13min 38sec (818 seconds)

Published: Wed Jan 25 2023