22 March 2023

The Growing Use of AI in Cyrex’ Penetration Testing

The impact and growing influence of AI technology, in particular ChatGPT, has been felt throughout many industries. We’ve already touched on how gaming security is being impacted by ChatGPT and in one of our recent articles, we discussed how ChatGPT directly affects our penetration testing services and how malicious actors benefit as well.  

But there’s more to ChatGPT’s uses in penetration testing and the Cyrex team felt it necessary to address these cases. For those in the industry and those outside it, it’s important to be aware of how powerful ChatGPT is and how it affects the world of cybersecurity.  

Identifying Cryptographic Algorithms with ChatGPT

A cryptographic algorithm is explained in part in our recent reverse engineering blog. Effectively, when we want to hack a game and intercept its traffic, the traffic is encrypted. We need to understand which cryptographic algorithm is being used and get the encryption key to get properly to work on hacking.  

There are different cryptographic algorithms in every industry, so how do we discover which one it is? How can ChatGPT assist in that effort? During the process of reverse engineering, we’re looking for a particular piece of code in the assembly. This code will tell us what type of encryption is being used. For ChatGPT, it bypasses the slow, laborious efforts required as it identifies patterns immediately. From there it can tell us what algorithm is being used, like RSA or AES.    Different key lengths in the algorithms pose no extra issue for ChatGPT either. Once our security engineers discover the right location for the code, they still have to identify its length but ChatGPT can deliver that in the same breath.  

Using ChatGPT to Validate Source Code and Best Security Practices

Using ChatGPT like this ties directly into one of our main services. White Box penetration testing and engagement, alongside source code review which we typically do in the same package. Often, this is linked with client-side vulnerability inspection.  

One of the most incredible functions ChatGPT offers is the ability to offer it a function and ask it what it sees. You can ask it for vulnerabilities, issues, inconsistencies, or redundancies. You can ask what it does and how each of these things might affect its security.   It’s not just vague either with its suggestions, it can understand certain functions are more vulnerable to SQL injections and will advise you to consider this. It can offer suggested payloads or exploits based on the function you provide and identify the best payload to use for the specific database. This level of repeated checks is integral with something like smart contract security. Which is both short enough for ChatGPT to handle all at once and is permanent once implemented onto the blockchain.   

Once you’re aware of your vulnerabilities, ChatGPT can even offer suggestions to optimise your code. Common best practices and recommendations for security are important but they extend beyond that and into code efficiency. All of which ChatGPT can offer. And with the recent release of ChatGPT-4, its uses are only growing in power and potential.  

Everyday we are astounded by the growing technology that is ChatGPT. It is a permanent tool in our box of tricks and expertise when it comes to our services, allowing us to cover more ground even faster with our pair hacking methods. Keep an eye on our socials and our website as we continue to explore the uses of ChatGPT, AI, and the growing world of Web3 and Blockchain technology.

Get in touch today and your team can benefit from the gold standard in cybersecurity that is Cyrex.