

The Insider Weekly #13 - SecGPT is Live | Critical Bugs | Gone Biking
TLDR: SecGPT is now live, found some critical bugs in my pentests, GPT4 is out, sleep insights (from the good and the bad nights).
One of the penetration testing engagements I had from a client this week has been an external assessment. Two of the issues that I found were of high and critical severity. Automation failed me in this situation and my gut instinct and manual testing prevailed.

My cybersecurity work this week, mainly pentesting, has been quite on point. Alongside, I’ve had sufficient time on hand to devote to other areas, mainly AI, and building and releasing SecGPT. I wish I had more time to spend on my private bug bounty targets, as well as on refining my methodologies. But you can’t do everything all at once.
So this week was mainly about building SecGPT, which is an AI model trained on thousands of cybersecurity reports. The reports are available publicly and I’m using Langchain and OpenAI’s Embeddings, alongside other tools and tactics, to make it happen.


I’m glad it’s out. Now, I’ll keep on adding training data to it on a frequent basis, as more cybersecurity reports and writeups are published. Feel free to reach out if you want to contribute in one way or another.
Similarly, I tweeted about building AIs on top of corpora of text:

I’m learning a lot about embeddings and their capability to power this process. And the Langchain documentation and my experiments with SecGPT are witnesses to this.
Now, for the big elephant in the room.

Tuesday was a big day. GPT4 was launched. But sadly, my workload in cybersecurity and AI didn’t give me enough room to play with it yet. Though as I said, I think that my best use cases for it are:
code review
code generation
code explanation
Hopefully, I’ll find more time this weekend and next week to play with it and also with Perplexity and BingChat. I’m not in the least excited about Google’s Palm API announcement; they don’t even have a waitlist yet. I think they’re losing the game rapidly.
I took time off last weekend and it was awesome. Spring came in full force and I spent a decent amount of time in nature.
This weekend is going to be even better and I’m planning an extended (~3h) bike ride for Sunday. I ride my bike every day for about an hour. This is probably the best time of year for it because it’s not hot, it’s not cold, and there are no bugs to fly straight into your eyes.
Last week I did a 40h fast and this week I also clocked another 30h fast. Given that it’s the Orthodox Great Lent right now, this is one of the best times of the year to combine the two: spirituality and lack of food.
On another note, there have been a few days when I got to sleep before midnight, and my sleep was significantly improved both in terms of subjective and objective quality, measured by my Oura ring. But then it circled back because I went to bed later than 1 PM on 3 nights. Sleep was not bad during those nights and I didn’t feel worse the following day, but that’s just not right over the long term. My ultimate goal: sleep before midnight, at least 7-8 hours.
Anyway, I’ll talk to you next week, or earlier.