Security Research and Defenses Gap Analysis with ChatGPT in seconds

  1. Get a ChatGPT Plus account.
  2. Enable the WebPilot plugin from the Plugin Store.
  3. Research Red Team tools that hackers and pentesters commonly use and compare those tools to the defender tools available from Microsoft.
  4. Do the same for a list of Blue Team tools and compare them to those available from Microsoft.
  5. Use the above 2 tables (and whatever else you can dream up) to identify gaps in your security defenses and to educate yourself on Microsoft tools that may be of value.

OpenAI – What Should be Monitored?

Since the explosion of publicly accessible OpenAI, how to monitor its use within an organization has been a frequently asked question.

Below are some topics relevant to the most common OpenAI services/features available today. Consider using these topics/suggestions as a starting point for scoping the topics relevant to security governance, and to help develop security policies for your organization.

Publicly Accessible OpenAI services

  • Description: Web sites like OpenAI’s ChatGPT provide a wealth of knowledge and an opportunity to accelerate a user’s knowledge on an infinite number of topics.
  • Security Policy Consideration: Pasting corporate information into a public-facing site of any kind should be considered prohibited.

Corporate Licensed OpenAI services

  • Description: OpenAI resources such as Azure OpenAI can be enabled at low cost within the cloud. These AI models can be customized to solve complex challenges within an organization or provide public-facing features which enhance a corporation’s service offerings.
  • Security Policy Consideration: Creation of resources in OpenAI-based tools such as Azure OpenAI Studio and PowerApps should be controlled and monitored by the security team.

End User OpenAI Related Productivity Tools

  • Description: Microsoft’s Copilot is an example of end-user OpenAI tools that will change the way people work, and it will have a dramatic effect on their productivity.
  • Security Policy Consideration: Authorized use of AI tools, such as Copilot, should be monitored.

Be aware of ‘Self-Aware’ OpenAI Tools

Description: If you’ve used Auto-GPT, you might be concerned about the ability of OpenAI tools to be given full root/admin control to do whatever it takes to provide the answer to a question. This includes creating scripts, adding/deleting files, and even rebooting your PC.

Security Policy Consideration: Any open source OpenAI tools running on end-user PCs or on servers should be strictly monitored and approved for use.

Security Monitoring and Best Practices

  • All AI-generated activity should be monitored via EDR, CASB, SIEM etc.
  • Discuss with your vendors the best practices on how their OpenAI tools can be monitored.
  • Test/simulate the use of each OpenAI tool and validate your ability to monitor its activities, including individual user access and change controls.

Creating Your Own Threat Actor Research Bot

There is nothing perfect about auto-gpt, but like chatgpt it’s another tool that, if used creatively, can be used to achieve amazing things I wouldn’t have even considered doing 2 months ago.

If you want to read about my odd path of discovery in building this script, see the short story below, otherwise just enjoy the script.

Ramon Gomez on LinkedIn had the idea of using auto-gpt to find threat actors in the news as they relate to the United States Energy sector.

His attempts at using auto-gpt failed but I gave it a try anyways.

Sure enough it failed for me too, but I carefully read the output from auto-gpt and I could see what it was trying to do:

  • download the enterprise-attack.json file from MITRE – this is a full ‘database’ of all things MITRE ATT&CK and it includes information about threat actors and some of the industries that they’re associated with.
  • create and run a python script that reads enterprise-attack.json and extracts the threat actors associated with the US energy sector – this script had syntax errors so it was never going to run, but it tried…
  • find a list of reliable news web sites that are related to cyber news – this worked so I had a list of possible sites, but they weren’t perfect.
  • create another python script that scraped the news sites for information associated with the threat actors – again it tried and failed.

Although auto-gpt tried and failed, it had an excellent approach to the problem.

And using ‘regular’ chatgpt I was able to ask the same sorts of questions and get much better answers.

Finally, as a result, chatgpt (and I) came up with the script you see below.

Note that this script has flaws, like some of the urls aren’t useful (but some are), but it does in fact work! Enjoy.

import requests
from bs4 import BeautifulSoup
from urllib.parse import urljoin

# Define a dictionary of threat actor names and their aliases
threat_actors = {
    'APT1': ['Comment Crew'],
    'Lazarus': ['Lazarus'],
    'APT29': ['Cozy Bear'],
    'APT32': ['OceanLotus Group']
}

# Define the URLs of the news resources
urls = [
    'https://www.fireeye.com/blog/threat-research.html',
    'https://www.kaspersky.com/blog/tag/apt',
    'https://www.ncsc.gov.uk/news/reports',
    'https://thehackernews.com/search/label/apt',
    'https://www.recordedfuture.com/apt-group-threat-intelligence/',
    'https://www.anomali.com/blog/threat-research'
]

# Loop through the news pages and collect links whose text names a threat actor
webpage_urls = []
for url in urls:
    try:
        # Use a timeout so one unresponsive site cannot hang the whole run
        response = requests.get(url, timeout=15)
        response.raise_for_status()
    except requests.RequestException as exc:
        print(f'Skipping {url}: {exc}')
        continue
    soup = BeautifulSoup(response.text, 'html.parser')
    for link in soup.find_all('a'):
        href = link.get('href')
        if not href:
            continue  # <a> tag without a target
        text = link.get_text()
        for actor, aliases in threat_actors.items():
            if actor in text or any(alias in text for alias in aliases):
                # Resolve relative links against the page they came from
                full_url = urljoin(url, href)
                if full_url not in webpage_urls:
                    webpage_urls.append(full_url)
                break  # one match is enough for this link

# Print the extracted webpage URLs
for url in webpage_urls:
    print(url)
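
The first step auto-gpt attempted above, reading enterprise-attack.json and pulling out the groups tied to a sector, needs only the standard library. This is an added example, not the author's script: the bundle is a small constructed sample in the ATT&CK STIX layout (group names and G9xxx IDs are made up), and `groups_for_sector`, `SECTOR_TERMS` and the keyword match on each group's description are assumptions chosen for illustration.

```python
import json
import re

# Constructed sample in the shape of an ATT&CK STIX bundle (not real data).
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "objects": [
    {"type": "intrusion-set", "name": "Example Group A",
     "aliases": ["Example Group A", "Alias One"],
     "description": "Constructed: has targeted the energy sector in the US.",
     "external_references": [
         {"source_name": "mitre-attack", "external_id": "G9001"}]},
    {"type": "intrusion-set", "name": "Example Group B",
     "description": "Constructed: targets financial institutions.",
     "external_references": [
         {"source_name": "mitre-attack", "external_id": "G9002"}]},
    {"type": "intrusion-set", "name": "Example Group C", "revoked": True,
     "description": "Constructed: electric utilities; revoked object.",
     "external_references": [
         {"source_name": "mitre-attack", "external_id": "G9003"}]},
    {"type": "malware", "name": "ExampleWare",
     "description": "Constructed: used against energy companies."},
    {"type": "intrusion-set", "name": "Example Group D",
     "aliases": ["Alias Four"],
     "description": "Constructed: targeted oil and gas firms.",
     "external_references": [
         {"source_name": "other", "external_id": "X1"},
         {"source_name": "mitre-attack", "external_id": "G9004"}]},
]})

# Assumed keyword heuristic for "energy sector"; tune for your own sector.
SECTOR_TERMS = re.compile(r"\b(energy|electric|oil and gas|utilit(?:y|ies))\b", re.I)

def groups_for_sector(bundle_text, pattern=SECTOR_TERMS):
    """Map group name -> {'id', 'aliases'} for active groups matching pattern."""
    result = {}
    for obj in json.loads(bundle_text).get("objects", []):
        if obj.get("type") != "intrusion-set":
            continue  # groups only; skip malware, techniques, relationships
        if obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue  # superseded entries would produce stale names
        if not pattern.search(obj.get("description", "")):
            continue
        refs = obj.get("external_references", [])
        attack_id = next((r.get("external_id") for r in refs
                          if r.get("source_name") == "mitre-attack"), None)
        aliases = [a for a in obj.get("aliases", []) if a != obj["name"]]
        result[obj["name"]] = {"id": attack_id, "aliases": aliases}
    return result

if __name__ == "__main__":
    for name, info in groups_for_sector(SAMPLE_BUNDLE).items():
        print(info["id"], name, info["aliases"])
```

To run it on the real file, pass the text of enterprise-attack.json to `groups_for_sector`; the names and aliases it returns can replace the hand-written `threat_actors` dictionary in the scraper.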

Using OpenAI as your personal everyday Oracle

My coding skills are enough to get by, but I’ve found new inspiration in everything from how to write better code to how to make better coffee by using the openai playground.

It’s easy, just go to:

https://beta.openai.com/playground

And start typing your questions.

It helps if you are more descriptive on what you want, e.g.

‘generate detailed vbs code for copying files over the network to another server’

Sure, you could just find a code generating web site, but there’s a convenience in being able to use simple sentences to describe your needs vs the harsh logic of a Google search!

And now you have a new, portable, tool to entertain you during those boring moments in your life…

Enjoy, and welcome to the future..