A Recap on ChatGPT and Alternatives
Currently, there are numerous ChatGPT and alternative NLP-based technologies available, such as Anthropic, GPT-3, and WebGPT. The list of more than 600 apps can be found at gpt3demo, and it continues to grow. A few I personally used are Poe by Quora, Perplexity, AI21 Labs and Flowrite. I wrote this piece in a way of exploring how this NLP technology can assist in daily workflows for cybersecurity practitioners.
Prompts?
I do not maintain like prompt library for tasks but if you are interested and looking for ideas, FlowGPT and Awesome-ChatGPT-Prompts is a good start. A simple prompt to hint to act or assign a specific role before other queries works for me.
A Lazy prompt but work ok..
All examples in this blog post is used ChatGPT 3.5 turbo engine by Poe. The reasons I used Poe over OG ChatGPT or other bots are built-in multiple bots with different NLP engine and custom bot creation. This is the custom prompt I used for my cybersecurity theme bot:
1
I want you to act as a cyber security specialist. I will ask questions and tasks related with CyberSecurity and you can assist me with decision making process and give me insights. This could include suggesting encryption methods, creating firewalls or implementing policies that mark certain activities as suspicious, analyzing security incidents, analyzing vulnerability, proposing remediation and mitigation actions, code review and analyzing code snippets.
Any suggestions or improvements to this prompt is welcome.
Personalized Search Engine
ChatGPT can be used as a search engine for learning new concepts and ideas related to cybersecurity. It can help practitioners stay up to date with the latest trends and developments in the field.
I found out that ChatGPT can give a textbook style answer for a simple queries but it is refusing to give answer for an example or actual script or payload that can be used for malicious intent. Some people might already abused this somehow, I guess.
Reverse vs Forward Shell..
Assisting with decision making and reasoning as a consultant
Another good use of ChatGPT for cybersecurity domain is treating it as your colleague and security consultant that can support in tactical and strategic ideas of the problems and solutions that complicated to perform. It gives a robotic answer and not useful 100% but you can get a lead from it and use it as inputs with your own guidance.
Attack Surface Reduction Strategy Ideas
IR Playbook
Supporting in technical tasks ChatGPT can be used to automate technical tasks such as vulnerability scanning, patch management, and threat hunting. It can also assist with network monitoring and analysis and provide insights into potential security vulnerabilities. By analyzing large amounts of data and identifying patterns, ChatGPT can help cybersecurity practitioners detect and respond to threats in a more efficient and effective manner.
ChatGPT also can assist with incident response by providing real-time insights and recommendations during a security incident. It can help practitioners quickly identify the root cause of an incident and take appropriate action to mitigate the impact.
This is one area that the bot can perform better than other use cases. The following tasks that you can throw into ChatGPT for initial analysis that save your time:
Source Code Interpretation
I am surprised that it gives line-by-line interpretation of the code but may not work for some low-levl PLs
Code Review for security issue
A summary of the isuses found from both synatax and semantic error and also security issues.
Initial query creation for SIEM, Regex and EDR
It can be a better option than uncoder.io at this point IMO
Automation Script Generation
first part of the job is to create a script for log collection
a follow-up query to create a wrapper script to cron schedule
Script and Program Generation
A simple HTTP server setup with Python modules
Create detection signatures such as Yara, Snort, Sigma and so on
Yara signature is collecting from OSNIT and vendor blogs. This shows a potential use cases for Intel analysts
Sigma rule but I am not sure the conditions actually work or not.
Using it to fasten GRC tasks
One use case for ChatGPT in the cybersecurity field is to fasten GRC (excel) jobs, such as risk assessments and compliance reporting. By automating the process and providing insights into potential risks and compliance issues, ChatGPT can save practitioners valuable time and resources. Additionally, ChatGPT can help with documentation and knowledge sharing, making it easier for team members to understand and communicate technical concepts and ideas.
It doesnt align with NIST 800–30 suggested tempalte 100% but good enough for a starter
I’ll say this is more of an outline boilerplate that you can kickstart for actual organization specific policies
Reporting
Finally, ChatGPT can be used to improve communication and collaboration within the cybersecurity team. It can assist with documentation and knowledge sharing and help team members better understand and communicate technical concepts and ideas.
I feed the DFIR 2022 Yearly Review and request to summarize a vanilla version of it. It is a bit blunt and robotic but not bad though.
I need more inputs to find out how good this summary can go
Other Interesting Security ChatGPT Projects
Microsoft is announcing co-pilot for automating and including ChatGPT capability into Incident response, threat hunting and reporting tasks but we don’t know it going to be accessible for all users or not.
Burpgpt is a plugin for burp suite to assist with web application security testing. The tool uses the GPT-3 model to generate a list of potential attack payloads and suggest test cases for specific vulnerabilities identified during a web application security assessment. The tool can also be used to generate context-specific content for phishing and social engineering attacks.
In the near future, security vendors and open source projects will utilize ChatGPT capability. I believe that it will assist and cope with tedious tasks in security operation and management.