ChatGPT For Penetration Testing – An Effective Reconnaissance Phase of Pentest

ChatGPT For Penetration Testing – An Effective Reconnaissance Phase of Pentest

ChatGPT enhances information security by providing valuable insights for efficient reconnaissance in penetration testing and serving as an additional source of security information.

Generative pre-trained transformer language models are growing rapidly with unseen and shocking capabilities. 

Read moreBuilding cyber skills and roles from CyBOK foundations

Recently GBHackers on Security Published an article about PentestGPT, a new ChatGPT-powered Penetration testing Tool  that helps penetration testers to automate their pentesting operations.

Similarly OpenAI’s ChatGPT is one of the outcomes of these advancements, it’s an AI chatbot, that offers detailed responses across various questions, with untapped potential in numerous applications.

Read moreAccessibility as a cyber security priority

Sheetal Temara, a cybersecurity researcher at the University of the Cumberlands, Williamsburg, KY recently published a case study in Arxiv to represent the ChatGPT’s role in gathering valuable reconnaissance data.

ChatGPT For Penetration Testing

The intel offerings from ChatGPT are diverse on targeted properties, aiding penetration test planning and enhancing cybersecurity with AI language models.

Read moreNew interactive video - and related downloads - to help secondary school kids stay safe online

Penetration tests mimic real attacks and it helps organizations to aid vulnerability identification and remediation, among various security processes and TTPs that are used by threat actors.

The penetration test’s first phase, reconnaissance, gathers data on the assessment scope like:-

Read moreNigerian Cybercrime Ring's Phishing Tactics Exposed

Applications

Networks

Read moreS3 Ep135: Sysadmin by day, extortionist by night

The gathered data encompasses several technological components that enable the penetration tester to plan for effective risk evaluation. Here below we have mentioned the technological components that are used:-

SSL/TLS settings

Read moreUS offers $10m bounty for Russian ransomware suspect outed in indictment

Cookies

Third-party connections

Read moreBelkin Wemo Smart Plug V2 – the buffer overflow that won’t be patched

Network topology

OS details

Read moreZut alors! Raclage crapuleux! Clearview AI in 20% more trouble in France

ChatGPT provides valuable footprinting information for penetration testing, including IP address space and comprehensive attack surface details.

Assessing the entire attack surface is critical to identify vulnerabilities in all network nodes. ChatGPT returns the target organization’s IP addresses in CIDR format with the quantity specified after the slash.

Read moreHeads Up CEO! Cyber Risk Influences Company Credit Ratings

Understanding vendor technologies is crucial in reconnaissance for penetration testing, and ChatGPT reveals the target website’s technologies, including:-

CDNs

Read moreCISA, NSA Issue New IAM Best Practice Guidelines

Web servers

Analytics engines

Read more6 Ways to Mitigate Risk While Expanding Access

CRM capabilities

APIs

Read moreHypervisors and Ransomware: Defending Attractive Targets

Sensitive data security relies on encryption, and ChatGPT provides comprehensive details on SSL ciphers and certificate authority issuers, helping penetration testers in identifying and remediate the vulnerabilities.

Secure SSL/TLS implementation is crucial to prevent data decryption. ChatGPT reveals SSL/TLS versions used by the target website, including TLS 1.0-1.3, SSL 3.0, and widely adopted encryption standards like:-

Read moreNIST Launches Cybersecurity Initiative for Small Businesses

Perfect Forward Secrecy (PFS)

HTTP Strict Transport Security (HSTS)

Read moreEducating Your Board of Directors on Cybersecurity

Application-Layer Protocol Negotiation (ALPN)

Elliptic Curve Cryptography (ECC) 

Read morePersonal Information of 9 Million Individuals Stolen in MCNA Ransomware Attack

Public Key Pinning (PKP)

Certificate Transparency (CT)

Read moreMany Vulnerabilities Found in PrinterLogic Enterprise Software

Rivest-Shamir-Adleman (RSA) Encryption

Online Certificate Status Protocol (OCSP) Stapling

Read moreIndustrial Giant ABB Confirms Ransomware Attack, Data Theft

Forward Secrecy with DHE and ECDHE

Reconnaissance Prompts

Reconnaissance in penetration testing benefits from standardized reusable questions designed to extract valuable data from ChatGPT, requiring skillful prompt engineering for desirable results.

Read moreOrganizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation

Here below we have mentioned all the Reconnaissance Prompts that could be used by the pen testers:-

What IP address range-related information do you have on [insert organization name here] in your knowledge base?

Read moreGoogle Cloud Users Can Now Automate TLS Certificate Lifecycle

What type of domain name information can you gather on [insert target website here]?

What vendor technologies does [insert target website fqdn here make use of on its website?

Read moreZyxel Firewalls Hacked by Mirai Botnet

Provide a comprehensive list of SSL ciphers based on your research used by [insert target website fqdn] pursuant to your large corpus of text data present in your knowledge base.

Please list the partner websites including FQDN based on your research that [insert target website here] has direct links to according to your knowledge base.

Read moreWatch Now: Threat Detection and Incident Response Virtual Summit

Provide a vendor technology stack based on your research that is used by [insert organization name here].

Provide a list of network protocol-related information that is available on [insert organization name here].

Read moreNCC Group Releases Open Source Tools for Developers, Pentesters

The research determined that “ChatGPT has the ability to provide valuable insight into the deployment of the target organization’s technology stack as well as specific information about web applicationsdeployed by the target organization,” reads the paper published.

Additional information via Reconnaissance

Reconnaissance unveils the target’s technology stack, aiding penetration testers in selecting specific attacks. ChatGPT provides details on vendor technologies used, including application servers, databases, operating systems, and more.

Read moreMemcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation

ChatGPT offers a list of the target organization’s following network protocols, helping in identifying potential risks and lateral movement:-

HTTP

Read morePyPI Enforcing 2FA for All Project Maintainers to Boost Security

HTTPS

DNS

Read moreCredible Handwriting Machine

SMTP

NTP

Read moreGoogle Is Not Deleting Old YouTube Videos

SSH

BGP

Read moreFriday Squid Blogging: Peruvian Squid-Fishing Regulation Drives Chinese Fleets Away

SNMP

TCP

Read moreSecurity Risks of New .zip and .mov Domains

UDP

IPv4

Read moreMicrosoft Secure Boot Bug

VPN

ChatGPT provides valuable insights for penetration test reconnaissance, assisting in planning and maximizing testing success. Continuous training of ChatGPT necessitates prompt tailoring for desired results and building on initial insights over time.

Read moreBarracuda zero-day abused since 2022 to drop new malware, steal data

The post ChatGPT For Penetration Testing – An Effective Reconnaissance Phase of Pentest appeared first on Cyber Security News.

   Read More 

Read moreWordPress plugin ‘Gravity Forms’ vulnerable to PHP object injection

Cyber Security News 

Related Posts

Hackers Exploit Windows Search Feature to Execute Malware on Infected Systems
Hackers Exploit Windows Search Feature to Execute Malware on Infected Systems

Hackers Exploit Windows Search Feature to Execute Malware on Infected Systems

Malware authors persistently seek novel approaches to exploit unsuspecting users in the active cyber threat landscape.

To easily locate all the available files, folders, and other items on your Windows system, Microsoft Windows OS offers an outstanding powerful tool known as the Windows search feature.

Unexplored by many, the “search-ms” URI protocol handler in Windows allows potent local and remote searches, but security researchers at Trellix warn of potential exploitation.

Infection Chain

Cybersecurity researchers at Trellix Advanced Research Center revealed that this new attack technique exploits the “search-ms” URI protocol with JavaScript on websites and HTML attachments.

This expands the attack surface and not only that even also explores the “search” protocol as well.

Threat actors exploit the “search-ms” protocol to deceive users with emails, compromised websites, and disguised remote files to make them execute malicious code unknowingly.

Infection Chain (Source – Trellix)

Besides this, security analysts detected several phishing emails using the “search-ms” protocol to deliver a malicious payload, masked as urgent sales quotation requests.

Phishing emails (Source – Trellix)

Various attack variants involve emails with HTML/PDF attachments containing URLs to compromised websites using the ‘search-ms’ URI protocol handler, while embedded scripts in HTML files can also trigger the attack.

Once the link in the email or attachment is clicked, users get redirected to a website exploiting the “search-ms” URI protocol handler, revealing a suspicious script in the GET request for page.html:-

HTML with ‘search-ms’ URI Protocol Handler (Source – Trellix)

Experts uncover numerous PowerShell file variants in this investigation, comprising:-

The “over.ps1” file downloads an ISO file.

PowerShell scripts directly download the DLL payload and execute it.

PowerShell scripts that trigger the download of a zip file containing an EXE payload.

PowerShell scripts that download and execute DLL files.

PowerShell scripts that download and execute VBS files.

The campaign deploys remote access trojans (RATs) like Async RAT and Remcos RAT to gain unauthorized control over infected systems, facilitating:-

Data theft

User monitoring

Command execution

The Remcos RAT employs null byte injection in its EXE payload to evade security products. The attacker employs a proactive approach, continuously updating files to avoid security product detection, and bypassing static signatures and known IoCs.

Multiple HTML used as an initial attack vector (Source – Trellix)

Security analysts found attacker-controlled file servers, some lacking authentication, posing a significant security risk by enabling easy access for further exploitation.

Recommendations

Here Below we have mentioned all the recommendations:-

Make sure to exercise caution and be vigilant about untrusted links.

It is crucial not to click on suspicious URLs or download files from unknown sources to avoid potential risks.

Beware of the exploitation of the “search” / “search-ms” URI protocol handler to deliver malicious payloads to systems.

Make sure to avoid engaging with potentially harmful links and files.

Always keep your system and AV tools updated with the available latest security patches and updates. 

Make sure to use a robust AV solution.

Keep yourself informed about the latest Cyber Security News by following us on GoogleNewsLinkedinTwitterand Facebook.

The post Hackers Exploit Windows Search Feature to Execute Malware on Infected Systems appeared first on Cyber Security News.

   Read More 

Cyber Security News 

Sumo Logic Warns Customers to Reset API Keys Following a Security Breach

Sumo Logic Warns Customers to Reset API Keys Following a Security Breach

Following the security breach, Sumo Logic strongly advises all customers to take precautionary measures and reset their API keys. This step will help ensure the continued security of your data and prevent any potential unauthorized access.

Sumo Logic, Inc. is a cloud-based machine data analytics company focusing on security, operations, and BI use cases. It provides log management and analytics services that use machine-generated big data. 

Based on the investigation findings, it has been discovered that the company had already taken steps to reduce the additional measures mentioned on November 7th. Specifically, it was found that credentials for an external service were entered into Sumo during the setup of a webhook connection.

Potential Security Incident

They discovered the evidence of a potential security incident early this month. The activity identified used a compromised credential to access a Sumo Logic AWS account.

According to their statement, the incident did not have any adverse effects on the networks or systems, and all customers’ data remained secure.

Document

Protect Your Storage With SafeGuard


Is Your Storage & Backup Systems Fully Protected? – Watch 40-second Tour of SafeGuard

StorageGuard scans, detects, and fixes security misconfigurations and vulnerabilities across hundreds of storage and backup devices.

They were able to quickly identify and secure the exposed infrastructure and also implemented additional security measures to safeguard the information.

This includes improved monitoring and fixing any possible gaps to prevent any similar events and continuing to monitor our logs to look for further signs of malicious activity. 

To ensure the protection of information, the company suggests implementing various security measures. These measures can include the use of secure methods to access Sumo Logic or providing secure user credentials to access other systems.

The company recommends the implementation of these measures to safeguard sensitive information.

Sumo Logic API access keys 

Sumo Logic installed collector credentials.

Third-party credentials that have been stored with Sumo for data collection by the hosted collector.

User passwords to Sumo Logic accounts.

The investigation into this incident is ongoing, and customers are directly notified if evidence of malicious access to their Sumo Logic accounts is found.

Secures your storage & backup systems With StorageGuard – Watch a 40-second Video Tour.

The post Sumo Logic Warns Customers to Reset API Keys Following a Security Breach appeared first on Cyber Security News.

   Read More 

Cyber Security News