FEATURE
HOW I BUILT A ZERO DAY WITH UNDETECTABLE EXFILTRATION USING ONLY CHATGPT PROMPTS ChatGPT is a powerful artificial intelligence language model that can generate human-like text in response to prompts, making it a useful tool for various natural language processing tasks. One of these is writing code.
I
thought to myself, is it possible to build a new zero-day using only ChatGPT prompts?”, For this, I decided to not write any code myself and use only advanced techniques, such as Steganography, that have only previously been reserved for nation-state attackers. I wanted to attempt to create something that would work in a full end-to-end manner, without the need for the reader to imagine how certain parts of the malware would ‘hang together’. The overall purpose of this exercise was to prove two things: 1. How easy it is to evade the guardrails that ChatGPT has put in place 2. How easy it is to create very advanced malware without writing any code and only using ChatGPT
biznesstransform.com
BT MAY 2023.indd 63
So, I started my foray by looking to see what I could get ChatGPT to generate. I decided to use the Go implementation language, given the ease of development and that I could manually check the code if required to debug issues.
THE FIRST RENDITION - BUILDING THE MVP The first prompt I did was to just generate something quantifiable as malware. Understandably, ChatGPT reminded me it is unethical to generate malware and refused to offer me any code to help the endeavor. To work around this, I decided rather than being upfront with my requests to ChatGPT, I decided to generate small snippets of helper code and manually put the entire executable together. I concluded Steganography is the best approach for
MAY 2023
63
5/2/2023 10:33:00 AM
