
@amzarhow To Use ChatGPT in Cybersecurity Operation

Reflected XSS, also known as non-persistent XSS, occurs when malicious code is included in a request sent to a vulnerable website or web application. The malicious code then gets reflected back by the website in the response and runs in the victim's browser. Some examples of reflected XSS in PHP code:

- A URL parameter is directly echoed back without sanitization, like:

```php
<?php echo $_GET["name"]; ?>
```

An attacker could craft a link like example.com?name=<script>alert(1)</script>

- User-supplied data is inserted directly into the HTML without sanitization:

```php
<p>Hello
```
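
The echoed-parameter pattern described above next to a hardened version, as an added example that is not part of the original slides; the function names and sample inputs are constructed for illustration. It also handles a case the description does not mention: a request such as `?name[]=x` makes `$_GET["name"]` an array rather than a string.

```php
<?php
declare(strict_types=1);

// Added example, not code from the slides. Function names and the
// sample inputs below are constructed for illustration.

// Before: request data concatenated into markup unchanged.
function greet_vulnerable(string $name): string
{
    return '<h1>Welcome, ' . $name . '</h1>';
}

// After: encode for the HTML context at the point of output.
// ENT_QUOTES encodes both quote styles, so the same encoder is also
// safe inside a quoted attribute value; ENT_SUBSTITUTE replaces
// invalid UTF-8 instead of returning an empty string.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function greet_safe(string $name): string
{
    return '<h1 title="' . h($name) . '">Welcome, ' . h($name) . '</h1>';
}

// ?name[]=x turns the parameter into an array; accept strings only.
function read_name(array $query): string
{
    $raw = $query['name'] ?? '';
    return is_string($raw) ? $raw : '';
}

// Constructed inputs: a plain name, the script payload from the text,
// a name containing both quote characters, and an array-valued parameter.
$samples = [
    ['name' => 'Alice'],
    ['name' => '<script>alert(1)</script>'],
    ['name' => 'O\'Brien "Bob"'],
    ['name' => ['x']],
];

foreach ($samples as $query) {
    $name  = read_name($query);
    $after = greet_safe($name);
    // Only the template's own two tags and two attribute quotes may survive.
    $ok = substr_count($after, '<') === 2 && substr_count($after, '"') === 2;
    echo json_encode($query['name']), "\n  before: ", greet_vulnerable($name),
         "\n  after:  ", $after, ' [', ($ok ? 'ok' : 'FAIL'), "]\n";
}
```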

Uploaded by

Vori Kav

How to use ChatGPT in Cybersecurity Operation

Sumedt Jitpukdebodin, Secure D Center


© 2019 Secure D Center Co., Ltd.
About Secure D
We operate across the ASEAN region with offices established in Kuala Lumpur, Malaysia and Bangkok, Thailand. We are independent and committed to your long-term goals by bringing a fresh, independent perspective, high passion to do an outstanding job and delivering cost-effective, innovative and high-value services using global methodology and framework with our best cyber expertise certified by well-known cyber security certifications. We trust you will recognize our pragmatic 'hands on' style in the way we have structured our team, our approach and our deliverables. Our approach is based on the simple notion that the success of this project is measured by the results obtained and not just successful completion.



Background and Experience
Services

Offensive Security Assessment
This service includes Red Teaming, Penetration Testing, and Vulnerability Assessment. Our methodology is developed based on various penetration testing frameworks and standards including NIST, Cyber Kill Chain, CBEST/CREST STAR and OWASP.

Cyber Incident Response & Digital Forensic
Our cyber security professionals have extensive experience in Incident Response, Threat Hunting, Digital Forensic and Investigation, and understand the technical and real-world scenario of cyber attack.

IT Compliance and Audit Service
Our cyber security professionals specialize in IT Security consulting including SSDLC, PCI DSS, ISO27001 and other Compliances / Regulations with comprehensive experience in implementation of related processes in terms of technical and business.

Cyber Security Training and Awareness
Our cyber security trainings and classes are designed to strengthen the core essentials and ultimately provide insights to advance techniques employed, methods and countermeasures through real-world scenarios and practical exercise.



Secure-D Center Service
Offensive Security
1) Web Application Penetration Test Service
2) Mobile Application Penetration Test Service
3) Infrastructure Penetration Test Service
4) iPentest Service



Secure-D Center Service
Cyber Incident Response
1) Digital Forensic
2) Tier 3 as a service
3) Threat Intelligence Service
4) Attack Simulation



Secure-D Center Service
Security Compliance
1) Compliance Consulting
2) Security Consulting
3) Phishing Simulation



Secure-D Center Service
Cybersecurity Products


SECPlayground Platform
Cybersecurity Training Platform
SECPlayground is a cyber security training platform. We offer approachable and accessible hands-on exercise and
content by domain experts
• Cybersecurity Knowledge
• Network Security and Web Application Security
• Forensic (Network Analysis, Disk Analysis, Log Analysis, Memory Analysis)
• Privilege Escalation
• New Public CVEs
• Secure Software Development (SSDLC) and Secure Source Coding
• Mobile Security
• SOC Analyst and Incident Response



Speaker Profile
Purple Team – Director

Professional Certifications
GIAC Penetration Tester (GPEN)
Offensive Security Certified Professional (OSCP)
Certified Penetration Testing Engineer(CPTE)
eLearnSecurity Certified Professional Penetration Tester (eCPPT)
eLearnSecurity Web Application Penetration Tester (eWPT)
CompTIA CySA+
And more….

Education
Master of Information System Security, Mahanakorn University

Experience
11 years experience in
- Cyber Security Incident response
- Penetration Testing and Vulnerability Assessment

Sumedt Jitpukdebodin
Cyber Security Specialist
Secure D Center Co., Ltd.

Community
OWASP Thailand Chapter Committee
2600Thailand Staff

Outline
1. ChatGPT
2. Generic Cybersecurity Question
3. Technical Task
4. Statement/Reporting Task
5. Conclusion



ChatGPT
Natural Language Processing (NLP)
Focuses on interaction between computers and human languages. The goal of NLP is to develop techniques that enable computers to understand, interpret, and generate human languages.

NLP techniques are used in a wide range of applications


• Speech recognition
• Machine translation
• Sentiment analysis
• Text summarization
• Question answering

** Detail, please watch:
“เมื่อ ตั้งวงเล่า ตั้งคำถามกับ ChatGPT” ("When ตั้งวงเล่า puts questions to ChatGPT")
https://fb.watch/l3AClhzZwx/



What is ChatGPT?
ChatGPT (Generative Pretrained Transformer) is a natural language processing technology developed by OpenAI.
ChatGPT generates text by predicting the next word in a sentence. It does this multiple times to create complete sentences.
For instance, given the input "The sun is...", it might predict the next word as 'shining' or 'rising.'

What is ChatGPT?
URL: https://chat.openai.com


Prompt
A "prompt" is like a cue or a starting point. It's the initial piece of information you give to ChatGPT to help it know what you
want to talk about or write about.

For example, imagine you're having a conversation with a friend, and you say, "Tell me about your day." In this case, "Tell me
about your day" is the prompt. It's the thing that kicks off the conversation and guides what your friend will talk about.

Similarly, when you're using ChatGPT, you give it a prompt to guide what it will write about. This could be a question, a
sentence, or even a single word. For instance, if you give ChatGPT the prompt "Explain photosynthesis," it will generate a
text explaining the process of photosynthesis.



Example of prompt of cybersecurity
Example#1
I want you to act as a cyber security specialist. I will provide some specific information about how data is stored and shared,
and it will be your job to come up with strategies for protecting this data from malicious actors. This could include suggesting
encryption methods, creating firewalls or implementing policies that mark certain activities as suspicious. My first request is
"I need help developing an effective cybersecurity strategy for my company."

Example#2
You are a highly trained, competent cybersecurity professional. You have a client that maintains a web presence at
www.example.com, and you have been tasked with scanning the website for vulnerabilities. The first scan was run via the
nmap command. Provide a summary of findings and the top three recommendations for improving security on this site.

Reference
- https://github.com/timothywarner/chatgptclass/blob/main/chaggpt-prompt-examples.md
- https://www.linkedin.com/pulse/chatgpt-prompts-add-capabilities-your-purple-team-aaron-perkins-m-s-/
- https://labs.withsecure.com/content/dam/labs/docs/WithSecure-Creatively-malicious-prompt-engineering.pdf



Generic Cybersecurity Question
Do you want to enter Cybersecurity field?
Prompt: I'm system administrator guy. If I want to learn or resource or training platform to change my job to cybersecurity
field, what do you recommend?
Response:



Explanation about vulnerability
Prompt: What is reflected XSS? Could you please give me some example with php code?
Response:



Explanation about vulnerability (Continue)
Prompt: What is difference between reflected XSS and DOM based XSS?
Response:



Tool Suggestion
Prompt: You act a cybersecurity expert guy. What is the recommended open source SAST tool?
Response:



Tool Suggestion
Prompt: You act a cybersecurity expert guy. What tool is recommended to test SSTI?
Response:



Technical Task
Technical Task
1. Automation Task
2. Scripting Task
3. Statement/Reporting Task



Subdomain Enumeration
Prompt: You act as Cybersecurity expert. Could you please provide subdomain of 'secplayground.com' that found on google
search? Just the information that you have. No need to up-to-date info Or can provide the sample tool and sample of
command to do subdomain enum of 'secplayground.com’
Response:



Subdomain Enumeration
SubGPT - SubGPT looks at subdomains you have already discovered for a domain and uses BingGPT to find more



Create NSE script
Prompt: Please write the nse script to enumerate /admin and /administrator and /panel
Response:



Create Nuclei script
Prompt: Write a nuclei template to find tomcat manager panel and example of using it
Response:



Create Burp extension
Prompt: Create a burp extension to check .git or .svn
Response:



Craft HTTP Request
Prompt: I found an upload.php but I didn't sure what exactly HTTP request that shall use for this URL. If we assume that
upload.php have filecontent and filename parameter for upload file. What HTTP request shall look like? I want sample HTTP
request because I want to use it with Burp Suite Repeater
Response:



Create Metasploit module
Prompt: Could you please write a Metasploit module for me?
Response:



Create Metasploit module
Prompt: Could you please give me an instruction how to write metasploit module and give me some example?
Response:



Create another version of tool
Prompt: Create the python3 version of https://sourceforge.net/projects/dirbuster/files/DirBuster%20Source/
Response:



Create another version of tool
Prompt: You act as Cybersecurity expert. Please create the python3 version of
https://sourceforge.net/projects/dirbuster/files/DirBuster%20Source/
Response:



Create Google Chrome Extension script
Prompt: You are cybersecurity expert. Please write the Google Chrome extension to detect /.git or /.svn
Response:



Create simple SAST
Prompt: Please write Static application security testing (SAST) tool to detect SQL Injection in PHP and Java Source Code
Response:



Create simple SAST#2
Prompt: Please write Static application security testing (SAST) tool to detect SQL Injection in PHP and Java Source Code
Response:



Checklist of Digital Forensic
Prompt: You act as digital forensic investigator. If Windows server was hacked and connect to C2 then client give the
harddisk of hacked server to you. Could you please provide a analysis checklist to your member to analysis on this case.
Response:



Checklist of Digital Forensic#2



Checklist of Digital Forensic#3



Windows Registry List
Prompt: Please provide full list of Windows registry that Digital Forensic Investigator need to check for finding the sign of
compromised
Response:



Windows Registry List (Continue)
Prompt: Could you please provide the python script to check all of Windows registry that you mention, the output shall be
csv: ID, Registry Name, Registry Value, Note
Response:



Sysmon monitor specific path
Prompt: How can I setup Sysmon to monitoring all of access file to C:\Users\SECPlayground\Secret\?
Response:



Query specific event on Azure Sentinel
Prompt: Could you please provide search on Azure Sentinel to filter only the event which contain IP?
Response:



Regular Expression to filter URL on Splunk
Prompt: Regular Expression to Filter URL in Splunk
Response:



Script to check IP reputation
Prompt: Could you please check reputation of IP 185.220.101.87 from Virustotal and AbuseIP and Hybrid-Analysis?
Response:



Script to check IP reputation#2
Prompt: So could you please provide me the python3 script to check about these threat intel?
Response:



Create Snort Rule
Prompt: Create snort rule to detect user-agent which contain "wget"
Response:



Create Imperva WAF Rule
Prompt: I would like to create Imperva WAF rule to detect SSTI such as {{ 7*7 }}
Response:



Create Imperva WAF Rule#2
Prompt: If I want to detect any number (not just only Number#7), what Imperva Rule will look like?
Response:



Convert Sigma rule to Splunk
Prompt: If I want to convert from Sigma rule to Splunk search. How can I do?
Response:



Sending Log to ELK
Prompt: How to send Windows log on server to ELK?
Response:



Incident Response Playbook
Prompt: Could you please provide "Incident Investigation and Response playbook" for case of "user leak their credential
because of phishing attack"?
Response:



Containment Step
Prompt: If we was hacked, what the step that shall take to containment?
Response:



Detect BYOVD?
Prompt: How to detect BYOVD (Bring Your Own Vulnerable Device)?
Response:



Statement/Reporting Task
Bug Bounty Report
Prompt: Please write a bug bounty report. I found SQL Injection at http://redacted.com/?id=[[INJECTION POINT]]
Response:



Phishing Email (BEC - Business Email Compromise)
Prompt: Write an email to [person1] in the finance operations department at [company1] from [person2], forwarding the
above email chain. The email should explain that [person2] is visiting a potential Fortune 500 client in [region1] and that
[person2] requires an urgent financial transfer to be made to an account belonging to the potential client in order to close
the deal.
The email should inform [person1] that all payment details can be found in the forwarded email chain. The email should also
include some basic information about the recipient company [company2] which is a financial services company located in
[place1]. [person1] is not easily fooled and will require some convincing.



Phishing Email (BEC - Business Email Compromise)
Response:



Security Awareness
Prompt: How to spot phishing page or website?
Response:



Breach Email Notification?
Prompt: What if I want our users to reset password because our system was breach from some threat actor. The users
information was leakage. Shall I do publish the email to the client or just quiet and let it pass?
Response:



Breach Email Notification
Prompt: So could you please write a breach notification email to our client for me (CEO)?
Response:



Resolve CTF
Prompt: I got the cipher text and need to find the answer (Format: jctf{xxxx-xxxxxx})
TGltYSBBbHBoYSBLaWxvIEVjaG8gTWlrZSBJbmRpYSBDaGFybGllIEhvdGVsIEluZGlhIEdvbGYgQWxwaGEgTm92ZW1iZXI=
Response:



Resolve CTF#2
Prompt: I got this source code from CTF. Could you please find the vulnerability?
Response:



Resolve CTF#2 (2)
Prompt: How to secure this source?
Response:



Conclusion
Will ChatGPT replace jobs…



Conclusion
1. ChatGPT is a tool for automating and shortcutting some tasks, but it's not perfect.
2. Much of the generated source code has vulnerabilities.
3. Don't trust it; carefully review the result.
4. ChatGPT didn't learn anything from you or others. Learning ended in 2021. It just remembers what you tell it.
5. Google is still your friend.



Questions?



Recruiting!!!! Purple Team
• Hire all level of incident Responder (Junior, Senior, Team Lead)



Contact us at [email protected]
Facebook: SecureD.Global
Podcast: Chill Chill Security
