The Insider Weekly #16 - JWT Bugs | Sparks of AI with GPT-4 | Making More Money
Discover more from Cristi Vlad
The Insider Weekly #16 - JWT Bugs | Sparks of AI with GPT-4 | Making More Money
TLDR: uneventful, part 2.
Another week of mundane routine has gone by and I enjoyed it greatly.
Surprisingly, winter came back after a short burst of spring in late March. It’s been snowing and raining almost daily in the past week and I barely got my bike out for a spin, to the office, and back for one or two days. But things are about to change by next week, as the nice weather starts to settle in.
First and foremost, I’ve been working on 4 pentests this week and I learned a lot when it comes to mapping the internal infrastructure of a company and diving deeper into individual services running on obscure port numbers. I’ve found some serious issues such as private document leaks, and some not-so-serious issues such as XSS.
Two of the pentests were web apps; one of them had a critical issue with JWT, in that I was able to forge my own tokens.
The thing is that at the time of writing the report, I couldn’t validate the issue, even though at the time of the finding, I had triple-checked it.
I find it unprofessional that the company/client is making significant modifications to the app while the pentester is actually assessing it; this might render the entire pentest ineffective. But, I closed my eyes on this one and I will leave it out of the report because there have been other serious issues that I found.
On another note, I’m spending 1-2 hours this weekend on my private bounty targets, because two of my recent reports got rewarded. I submitted 3 reports, and 1 was a duplicate. It was my first duplicate on the platform - they are really good at minimizing duplicates.
I really don’t have time for bug bounty hunting but the team on the platform is really professional and I also want to exercise my recon abilities more. There’s not much wide scope recon undergoing in my pentests, as most of them are for web apps, mobile apps, or internal/infrastructure. I mean, there is recon - but not the kind of recon (* scope) I teach in my Recon course.
With the recent update from yesterday, SecGPT’s current knowledge is up to date. I fed it cybersecurity reports up to March 2023. That said, I’m taking my foot off the gas pedal with SecGPT because I think the big players in the market (OpenAI, Microsoft, and others) are about to eat most of the small players. Though, I’ll be actively developing it, but with less priority.
I find that one of the best use cases for SecGPT is for cybersecurity professionals to get insights into very particular issues for which either Google or ChaGPT can’t help you right now. SecGPT’s knowledge comes from thousands of security documents and it will answer queries directly from them, such as for this:
It’s been 3 weeks already and I’m still waiting for the invite to ChatGPT plugins, especially the browsing feature.
I’m not as excited as I was in the beginning and these long waitlists don’t do anyone a favor, which other than a marketing ploy don’t serve a greater goal if you’ve put in sufficient quality work into your product and into security measures regarding it. I might be wrong though.
Along the same line of thought, I’ve spent 1-2 hours almost every night this past week on reading research papers, most notably the giant 100+ page paper Sparks of Artificial General Intelligence: Early experiments with GPT-4. It’s gonna take a while to get through it entirely because I’m playing (and consistently getting jaw-drops) with GPT-4 alongside.
One of my favorite experiments is role-playing, such as having GPT-4 impersonate an important figure for which there is enough data online (so as to minimize/reduce hallucinations). This is one of the best ways to learn about that figure in their own words, such as I do here with Napoleon Bonaparte:
In this case, I also took the role of Aristotle.
I know there’s the Character AI platform that can do the same (to an extent), but I like the full control and the convenience of having everything under the same OpenAI hood.
Also, worth noting:
I recently realized that I significantly increased my revenue compared to 2022, mostly from my work with pentesting clients and a few other cybersecurity-related projects.
Money is not my barometer, but it’s a good marker to validate my journey. My deepest satisfaction comes from the experience and skills I obtain from my non-stop work on the different types of cybersecurity assessments (web, mobile, code review, infra/network/internal).
When it comes to cybersecurity research, I’ve been able to grow a wordlist of 7 million words from different sources (that mostly nobody has access to, with a few exceptions). Now my biggest challenge is to clean it and reduce it to roughly 150k - 200k words (file and directory names). Then I’m going to use it for fuzzing on my pentesting work and on my private bounties.
How you can innovate in cybersecurity with AI (as a tech entrepreneur)
1-click security firmware analysis is now possible with BugProve
I further reduced the number of channels I follow on Youtube to ~70 (from 400 to 90 initially). It gives me peace of mind and allows me to focus on what I really care about.
I've also further cleaned my to-do lists, my notes, and my planning documents. It’s part of my continuous optimization/simplification process.
According to my Oura ring, my sleep has improved significantly despite my sleep schedule remaining the same: 12:30 AM to ~8:30 AM.
Until next week; have a good one!