The Insider Weekly #11 - A Cool Bug | New, Cheaper VPS | ChatGPT API
Someone recently criticized me saying that I should introduce myself and my work in every weekly newsletter. That’s a bit overkill, don’t you think?
“Hey, welcome to another video, if you’re new, I’m blah blah…”. Don’t you just skip that annoying portion of a video on Youtube? Jump to the point already ffs!
Mind you, I’m not gonna do that simply because, if you’re new here and you really want to know me, you’ll be looking at my about page for the very least.
That said, the TLDR for this week:
Finished 3 pentests, started another one, found a cool vulnerability, found a new VPS provider, made money with recon on a private target, published a ChatGPT prompt, and I’m gonna have a long weekend afk (away from keyboard).
I finished three pentests earlier this week, one was a code review that I was telling you about last week, one was a fraud detection app chock-full of permission issues, and another one was a banking/financial app that was very tight in terms of security, but I managed to pwn them via a cool bug that I wrote about it here. Feel free to clap, thank you!
Now, I am working on another pentest for a client and it should be done in a few days.
Earlier this week I tweeted about how satisfied I am with Paperspace as my VPS provider and how I like their transparent pricing.
The tweet was well received. Someone replied mentioning a German provider, Contabo, which comes with even better pricing. I’m flooded with top-notch services, and that feels really refreshing, to say the least!
With more time on hand for non-pentesting cybersecurity work this week, I’ve been playing with my private bounty targets. I scored another nice bounty of $800 for some information disclosure issues.
Then, my ChatGPT prompt got published on PromptBase and people started buying it. It actually turns ChatGPT into your ethical hacking expert virtual teacher. You can check it out here. I used this prompt one evening for three hours. It gave me a deep understanding of the SSL handshake.
OpenAI made big news two days ago by publishing the ChatGPT API, offering it for 10 times cheaper than the previous GPT-3. Most people don’t understand the implications of this, yet they are huge. If you have a business idea that wishes to use AI technology, reply to this email and maybe I can help you out.
Earlier, I was telling you that I’m building a Cybersecurity-AI app/service. Using the newly released API is going to allow me to offer it at a much better price. Stay tuned for that.
The release of the ChatGPT API brought up a cascade of updates to already-famous AI apps built on this technology. It also opened the door for next-gen AI-powered apps and services. You can see a huge list of innovative apps built on AI at FutureTools.
Some companies like Jarvis AI and others still charge obscene amounts for their services, which are based on OpenAI technology. In the long run, it’s not going to work for them. People are not stupid.
On another note but still on the same topic, in previous newsletters, I was telling you about Elicit and Consensus, two AI-powered apps for scientific research. They’re improving with every day that passes. Read the following thread on Twitter to understand what I’m talking about:
(With more time on hand) I was able to work on improving my private scripts and my methodologies for the different cybersecurity assessments I’m doing.
I also resumed my internet-wide cybersecurity research with Leakix and a few other platforms and tools.
When it comes to privacy and safety on the Internet, it’s still the wild west out there; and your private information, unfortunately, is not safe. With just a bit of surface-level research, I was able to get my hands on very sensitive information. And that’s not good!
I don’t want to imagine what a motivated threat actor can do if they replicate what I did. Add to that the daily data breaches, like the recent disastrous one of LastPass, and you should definitely, as a consumer or user, do the best of your efforts to keep a very small footprint. And at the very least, better trust your browser’s (Chrome and Firefox) inbuilt vault than third-party providers. I’d rather put more trust in Google than LastPass. You can read more about this rationale in this Linkedin.
It’s not all doom and gloom though; if you’re smart, careful, and sensible, you can keep your private information at bay from data breaches.
That’s all I have for you for now; I’ll see you in the next batch.