Pinpoint security jobs
8/12/2023

That context helps to understand the power of ChatGPT, which has already learned SPL and can turn a junior analyst's prompt into a query in just seconds, significantly lowering the bar for entry. If I asked ChatGPT to write an alert for a brute force attack against Active Directory, it would create the alert and explain the logic behind the query. Since it's closer to a standard SOC-type alert and not an advanced Splunk search, this can be a perfect guide for a rookie SOC analyst.

Another compelling use case for ChatGPT is automating daily tasks for an overextended IT team. In nearly every environment, the number of stale Active Directory accounts can range from dozens to hundreds. These accounts often have privileged permissions, and while a full privileged access management technology strategy is recommended, businesses may not be able to prioritize its implementation. This creates a situation where the IT team resorts to the age-old DIY approach, where system administrators use self-written, scheduled scripts to disable stale accounts. The creation of these scripts can now be turned over to ChatGPT, which can build the logic to identify and disable accounts that have not been active in the past 90 days. If a junior engineer can create and schedule this script in addition to learning how the logic works, then ChatGPT can help the senior engineers/administrators free up time for more advanced work.

If you're looking for a force multiplier in a dynamic exercise, ChatGPT can be used for purple teaming, a collaboration of red and blue teams to test and improve an organization's security posture. It can build simple examples of scripts a penetration tester might use or debug scripts that may not be working as expected. One MITRE ATT&CK tactic that is nearly universal in cyber incidents is persistence. For example, a standard persistence tactic that an analyst or threat hunter should be looking for is when an attacker adds their specified script/command as a startup script on a Windows machine. With a simple request, ChatGPT can create a rudimentary but functional script that will enable a red-teamer to add this persistence to a target host. While the red team uses this tool to aid penetration tests, the blue team can use it to understand what those tools may look like to create better alerting mechanisms.

Benefits are plenty, but so are the limits

Of course, if there is analysis needed for a situation or research scenario, AI is also a critically useful aid to expedite or introduce alternative paths for that required analysis. Especially in cybersecurity, whether for automating tasks or sparking new ideas, AI can reduce the effort needed to reinforce a sound cybersecurity posture.

However, there are limitations to this usefulness, and by that, I am referring to complex human cognition coupled with real-world experiences that are often involved in decision-making. Unfortunately, we cannot program an AI tool to function like a human being; we can only use it for support, to analyze data and produce output based on facts that we input. While AI has made great leaps in a short amount of time, it can still produce false positives that need to be identified by a human being.

Still, one of the biggest benefits of AI is automating daily tasks to free up humans to focus on more creative or time-intensive work. AI can be used to create or increase the efficiency of scripts for use by cybersecurity engineers or system administrators, for example. I recently used ChatGPT to rewrite a dark-web scraping tool I created, which reduced the completion time from days to hours. Without question, AI is an important tool that security practitioners can use to alleviate repetitive and mundane tasks, and it can also provide instructional aid for less experienced security professionals.

If there are drawbacks to AI informing human decision-making, I would say that anytime we use the word "automation," there's a palpable fear that the technology will evolve and eliminate the need for humans in their jobs. In the security sector, we also have tangible concerns that AI can be used nefariously. Unfortunately, the latter of these concerns has already been proven to be true, with threat actors using tools to create more convincing and effective phishing emails.
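The brute-force alert the post has ChatGPT write is, underneath, a counting rule over Windows failed-logon events. The Python below is an added example, not code from the post and not ChatGPT output; it implements that rule over a few constructed 4625/4624 records and extends it to the two neighbouring cases a SOC analyst would also want covered: a password spray (one source, many accounts) and a successful logon that follows a brute-force run. Field names follow the Windows Security event schema; the timestamps, addresses, account names and thresholds are invented for the example.

```python
"""Brute-force and password-spray detection over Windows failed-logon events.

Added example, not from the original post and not ChatGPT output: the alert
logic behind "a brute force attack against Active Directory". The events below
are constructed in a flattened key=value form using the field names of
Security event 4625 (failed logon) and 4624 (successful logon).
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed telemetry. Status 0xC000006D is the 4625 sub-status for a bad
# username or password. 10.0.0.5 hammers one account, 10.0.0.9 tries one
# password against many accounts, 10.0.0.7 is a user mistyping slowly.
SAMPLE_EVENTS = """\
2023-08-12T09:00:00 EventCode=4625 TargetUserName=asmith IpAddress=10.0.0.7 Status=0xC000006D
2023-08-12T09:00:01 EventCode=4625 TargetUserName=jdoe IpAddress=10.0.0.5 Status=0xC000006D
2023-08-12T09:00:08 EventCode=4625 TargetUserName=jdoe IpAddress=10.0.0.5 Status=0xC000006D
2023-08-12T09:00:15 EventCode=4625 TargetUserName=jdoe IpAddress=10.0.0.5 Status=0xC000006D
2023-08-12T09:00:22 EventCode=4625 TargetUserName=jdoe IpAddress=10.0.0.5 Status=0xC000006D
2023-08-12T09:00:29 EventCode=4625 TargetUserName=jdoe IpAddress=10.0.0.5 Status=0xC000006D
2023-08-12T09:00:36 EventCode=4625 TargetUserName=jdoe IpAddress=10.0.0.5 Status=0xC000006D
2023-08-12T09:00:43 EventCode=4625 TargetUserName=jdoe IpAddress=10.0.0.5 Status=0xC000006D
2023-08-12T09:00:50 EventCode=4625 TargetUserName=jdoe IpAddress=10.0.0.5 Status=0xC000006D
2023-08-12T09:00:57 EventCode=4625 TargetUserName=jdoe IpAddress=10.0.0.5 Status=0xC000006D
2023-08-12T09:01:04 EventCode=4625 TargetUserName=jdoe IpAddress=10.0.0.5 Status=0xC000006D
2023-08-12T09:01:10 EventCode=4624 TargetUserName=jdoe IpAddress=10.0.0.5 Status=0x0
2023-08-12T09:10:00 EventCode=4625 TargetUserName=svc_backup IpAddress=10.0.0.9 Status=0xC000006D
2023-08-12T09:10:10 EventCode=4625 TargetUserName=admin IpAddress=10.0.0.9 Status=0xC000006D
2023-08-12T09:10:20 EventCode=4625 TargetUserName=jsmith IpAddress=10.0.0.9 Status=0xC000006D
2023-08-12T09:10:30 EventCode=4625 TargetUserName=mlee IpAddress=10.0.0.9 Status=0xC000006D
2023-08-12T09:10:40 EventCode=4625 TargetUserName=helpdesk IpAddress=10.0.0.9 Status=0xC000006D
2023-08-12T09:20:00 EventCode=4625 TargetUserName=asmith IpAddress=10.0.0.7 Status=0xC000006D
2023-08-12T09:40:00 EventCode=4625 TargetUserName=asmith IpAddress=10.0.0.7 Status=0xC000006D
"""

WINDOW = timedelta(minutes=5)
BRUTE_FORCE_THRESHOLD = 10   # failures for one account from one source
SPRAY_THRESHOLD = 5          # distinct accounts failing from one source

# The Splunk search the spray rule corresponds to, roughly:
#   index=wineventlog EventCode=4625
#   | bin _time span=5m
#   | stats count dc(TargetUserName) as accounts by IpAddress _time
#   | where accounts >= 5


def parse_events(text):
    """Turn the key=value lines into dicts with a parsed timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        rec = dict(f.split("=", 1) for f in fields)
        rec["time"] = datetime.fromisoformat(ts)
        events.append(rec)
    return events


def detect(events, window=WINDOW, bf=BRUTE_FORCE_THRESHOLD, spray=SPRAY_THRESHOLD):
    """Return alerts in time order.

    Sliding windows per (source, account) and per source keep slow, legitimate
    failures from firing; a success from a source that already tripped the
    brute-force rule is escalated to its own alert."""
    alerts, fired = [], set()
    per_pair = defaultdict(list)   # (ip, user) -> failure times inside window
    per_src = defaultdict(list)    # ip -> (time, user) inside window
    for e in sorted(events, key=lambda e: e["time"]):
        ip, user, t = e["IpAddress"], e["TargetUserName"], e["time"]
        if e.get("EventCode") == "4624":
            if ("bf", ip, user) in fired and ("bfs", ip, user) not in fired:
                fired.add(("bfs", ip, user))
                alerts.append({"type": "brute_force_then_success", "src": ip, "account": user})
            continue
        if e.get("EventCode") != "4625":
            continue
        pair = per_pair[(ip, user)] = [x for x in per_pair[(ip, user)] if t - x <= window] + [t]
        if len(pair) >= bf and ("bf", ip, user) not in fired:
            fired.add(("bf", ip, user))
            alerts.append({"type": "brute_force", "src": ip, "account": user, "count": len(pair)})
        src = per_src[ip] = [x for x in per_src[ip] if t - x[0] <= window] + [(t, user)]
        accounts = {u for _, u in src}
        if len(accounts) >= spray and ("spray", ip) not in fired:
            fired.add(("spray", ip))
            alerts.append({"type": "password_spray", "src": ip, "accounts": sorted(accounts)})
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

Run as-is, the sample produces three alerts (brute force on jdoe from 10.0.0.5, the success that follows it, and the spray from 10.0.0.9) and nothing for the slow failures from 10.0.0.7, which is the behaviour an analyst should check any generated alert for before scheduling it.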
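The stale-account job the post hands to ChatGPT is a small decision procedure, and the places it goes wrong in practice are the edge cases: accounts that were never used, privileged accounts that should not be disabled unattended, and break-glass identities. The following Python is an added example, not the post's own script and not ChatGPT output; it runs on a constructed export of the attributes the decision needs (lastLogonTimestamp, whenCreated, group membership) so it works offline. In a live domain the same records would come from the ActiveDirectory module (Get-ADUser or Search-ADAccount) and the "disable" list would feed Disable-ADAccount; the group names are the standard built-ins, the account names and dates are invented.

```python
"""Stale Active Directory account handling: disable after 90 days of inactivity.

Added example, not the post's own code and not ChatGPT output. Works on a
constructed record set; in production the same logic sits between
Search-ADAccount output and Disable-ADAccount.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

INACTIVE_DAYS = 90            # the post's threshold
NEVER_USED_GRACE_DAYS = 30    # provisioned but never logged on
# Accounts in these groups are flagged for a human, never auto-disabled.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}


@dataclass
class Account:
    sam: str
    enabled: bool
    created: datetime                 # whenCreated
    last_logon: Optional[datetime]    # lastLogonTimestamp; None if never
    groups: frozenset = frozenset()
    is_service: bool = False          # e.g. a PasswordNeverExpires service identity


def classify(acct, now, exempt=frozenset()):
    """Return 'disable', 'review' or 'keep'.

    lastLogonTimestamp is only replicated when it is more than roughly 14 days
    stale, so it is adequate for a 90-day rule but not for anything finer."""
    if not acct.enabled or acct.sam in exempt:
        return "keep"
    if acct.last_logon is None:
        if now - acct.created < timedelta(days=NEVER_USED_GRACE_DAYS):
            return "keep"   # new account; its owner may not have started yet
    elif now - acct.last_logon < timedelta(days=INACTIVE_DAYS):
        return "keep"
    if acct.groups & PRIVILEGED_GROUPS or acct.is_service:
        return "review"     # stale but high impact: a person decides
    return "disable"


def plan(accounts, now, exempt=frozenset()):
    """Group accounts by the action the nightly job would take."""
    result = {"disable": [], "review": [], "keep": []}
    for a in accounts:
        result[classify(a, now, exempt)].append(a.sam)
    return result


NOW = datetime(2023, 8, 12)
SAMPLE = [  # constructed records
    Account("jdoe", True, datetime(2021, 3, 1), datetime(2023, 8, 1)),
    Account("oldintern", True, datetime(2022, 6, 1), datetime(2023, 1, 15)),
    Account("svc_backup", True, datetime(2020, 1, 1), datetime(2023, 2, 1), is_service=True),
    Account("admin_legacy", True, datetime(2019, 5, 1), datetime(2023, 3, 1), frozenset({"Domain Admins"})),
    Account("newhire", True, datetime(2023, 8, 1), None),
    Account("ghost", True, datetime(2022, 11, 1), None),
    Account("former", False, datetime(2018, 1, 1), datetime(2022, 1, 1)),
    Account("break_glass", True, datetime(2019, 1, 1), datetime(2022, 1, 1), frozenset({"Domain Admins"})),
]
EXEMPT = frozenset({"break_glass"})

if __name__ == "__main__":
    for action, names in plan(SAMPLE, NOW, EXEMPT).items():
        print(f"{action}: {', '.join(names)}")
```

The design choice worth keeping when a generated script replaces this is the "review" bucket: the post notes that stale accounts often carry privileged permissions, and a scheduled job that disables a Domain Admin or a service identity unattended turns a hygiene task into an outage.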
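The blue-team half of the purple-teaming passage is an alert on writes to the autostart locations the post mentions: the Run/RunOnce registry keys and the per-user Startup folder. The Python below is an added example, not code from the post and not ChatGPT output. It reads a handful of constructed Sysmon-style events in key=value form (EventID 13 is a registry value set, 11 a file created, 1 a process created); the field names follow Sysmon's schema, every path, SID and account name is invented, and the severity rule (script extension or a user-writable directory scores higher than a binary under Program Files) is a starting point for tuning, not a vendor's logic.

```python
"""Alerting on Run-key and Startup-folder persistence (MITRE ATT&CK T1547.001).

Added example, not code from the original post and not ChatGPT output. Input
is a handful of constructed Sysmon-style events in key=value form; field
names follow Sysmon's schema, every value is invented.
"""
import re

# Split "Key=value with spaces Key2=..." on the next "Key=" token.
FIELD = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")
# Matches HKLM/HKCU and the Wow6432Node variants of the autostart keys.
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.I)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
SCRIPT_EXT = (".ps1", ".vbs", ".bat", ".cmd", ".js", ".hta")
USER_WRITABLE = re.compile(r"\\(Users\\Public|AppData|Temp|ProgramData)\\", re.I)

SAMPLE_EVENTS = [  # constructed
    r"EventID=13 Image=C:\Windows\System32\reg.exe User=CORP\jdoe TargetObject=HKU\S-1-5-21-EXAMPLE\Software\Microsoft\Windows\CurrentVersion\Run\Updater Details=C:\Users\Public\update.bat",
    r'EventID=13 Image=C:\Program Files\Vendor\setup.exe User=NT AUTHORITY\SYSTEM TargetObject=HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorAgent Details="C:\Program Files\Vendor\agent.exe" /tray',
    r"EventID=11 Image=C:\Windows\explorer.exe User=CORP\jdoe TargetFilename=C:\Users\jdoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\report.ps1",
    r"EventID=13 Image=C:\Windows\System32\svchost.exe User=NT AUTHORITY\SYSTEM TargetObject=HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop Details=C:\Users\Public\Desktop",
    r"EventID=1 Image=C:\Windows\System32\notepad.exe User=CORP\jdoe CommandLine=notepad.exe",
]


def parse(line):
    """Sysmon-style key=value line -> dict (values may contain spaces)."""
    return dict(FIELD.findall(line))


def analyze(lines):
    """Return one alert per autostart write, with a coarse severity."""
    alerts = []
    for line in lines:
        e = parse(line)
        if e.get("EventID") == "13" and RUN_KEY.search(e.get("TargetObject", "")):
            kind, target, artifact = "run_key", e["TargetObject"], e.get("Details", "")
        elif e.get("EventID") == "11" and STARTUP_DIR.search(e.get("TargetFilename", "")):
            kind, target, artifact = "startup_folder", e["TargetFilename"], e["TargetFilename"]
        else:
            continue   # unrelated registry, file or process activity
        low = artifact.lower()
        # A script, or a command living in a user-writable directory, is the
        # pattern the post describes; a vendor binary under Program Files is
        # still recorded, just at lower severity.
        is_script = any(ext in low for ext in SCRIPT_EXT)
        in_user_dir = kind == "run_key" and USER_WRITABLE.search(artifact) is not None
        alerts.append({
            "kind": kind,
            "severity": "high" if is_script or in_user_dir else "medium",
            "user": e.get("User"),
            "image": e.get("Image"),
            "target": target,
            "artifact": artifact,
        })
    return alerts


if __name__ == "__main__":
    for a in analyze(SAMPLE_EVENTS):
        print(a["severity"], a["kind"], a["user"], "->", a["artifact"])
```

The same rule is what a red-team script generated for the exercise should trip; if it does not, the alerting gap, not the script, is the finding the purple team takes away.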