Unlocking the Potential of ChatGPT in Pentesting

Presented at CactusCon 12 (2024), Feb. 16, 2024, 9:30 a.m. (60 minutes).

Explore the world of pentesting through the lens of ChatGPT, the cutting-edge AI language model from OpenAI. In this presentation, we delve into the remarkable capabilities of ChatGPT and its relevance in the field of automating pentesting. Join me as I dissect the potential of ChatGPT to revolutionize pentesting and address the intriguing question: Will ChatGPT replace the role of a pentester? Our journey begins with a comprehensive analysis, comparing ChatGPT's architecture to other Large Language Models (LLMs) and exploring their applications in cybersecurity. We'll explore structured pentesting, examining how ChatGPT and other LLMs can be harnessed for both unauthenticated and authenticated pentesting scenarios. We will evaluate the semantics of interaction with ChatGPT and determine which forms of structured prompting yield optimal results for various pentest tasks. Next we will analyze the performance of these models across a spectrum of difficulty levels and evolving application contexts for a pentest. As we near the conclusion, we will shine a spotlight on the strengths and limitations of ChatGPT and other LLMs. Discover strategic insights on how to leverage ChatGPT as a force multiplier in your pentesting endeavors. Join me in this thrilling exploration of the future of pentesting with ChatGPT as your trusted ally.

Presenters:

  • Dr. Ankur Chowdhary - Sr. Application Security Engineer, 6Sense
    Dr. Ankur Chowdhary is a cybersecurity researcher. Ankur has published over 30 research papers and one textbook in the field of cybersecurity. He received a Ph.D. (2020) and an M.S. (2015) with specialization in cybersecurity from Arizona State University (ASU). His research interests include appsec, cloud security, and AI/ML in cybersecurity. Ankur has been a speaker at several cybersecurity conferences, including DEFCON Red Team Village, DEFCON Appsec Village, and CactusCon. Ankur also holds several cybersecurity industry certifications such as CRTP/CRTE/eWPT. Ankur is the coach of ASU's National Cybersecurity Defense Competition (NCCDC) team. He co-founded the hacking club DevilSec in 2019 to teach offensive and defensive security to students at ASU.
