My wife is being tapped at work to get involved with AI aspects of cybersecurity and looking into matching solutions where she works. This could be very handy for red team/blue team testing there.
Most of the information shown here is already included as part of Llama 2 and Mistral's base training sets baked into the models. This information is considered fairly entry-level and common in cybersecurity. You could get similar or even better results using a newer base model that has been uncensored such as openhermes-2.5-mistral-7b. I did a quick check and it provided all the same information. I would love to see if this model could do more than just spit out a textbook example of a script. The real feat will be when these models have agents that can actually connect, analyze, and hack a system.
Matt, I think having a private bot to automate various periodic CyberSecurity assessments and consolidate the findings into a report that tabs out into different versions of reports to include a technical summary with recommended steps to take, leadership status update, risk assessment, and change management tracking and analysis, would be extremely beneficial to various organizations at various levels.
The questions you asked were typical ones covered by the likes of Google's Certificate in Cybersecurity, which covers cybersecurity basics. This could be a really cool tool to help people wise up to basic security risks, such as not using a VPN on a free wifi network, or not using proper security protocols on their websites.
Yeah this was a basic demo. He wasn't showing what it could REALLY do 😂... If u know how to prompt systems and code some, this model can spit out some wild stuff. Especially if u get a model that can self optimize, it could create a whole new book of stuff
The questions were general. This is just a language model with search and copy paste abilities. I'd be a lot more impressed with a cybersecurity AI that can analyze cpu workload, temps, pcaps, and ram usage, then come back with an answer to what it found.
LLMs intelligently analyzing attacks and writing tools to detect and stop attacks has a lot of potential. I don't think this is it, but I might be wrong.
00:01 HackerGPT introduces White Rabbit Neo for offensive and defensive cyber security.
00:52 Using masked Compu compute for powerful GPU and Linux desktop access
01:44 Setting up and running text generation web UI on different operating systems.
02:40 Downloading and loading the model with specific parameters
03:27 Trained HackerGPT for Cyber Security
04:11 Learning to attack Wi-Fi networks using Wireless techniques.
05:06 Monitoring network traffic and protecting against hacking
05:59 Overview of ethical hacking and responsible use
Why, internet is dirt cheap nowadays and there are free hotspots. And I didn't see it using Aircrack-NG autonomously, it only provided general info how it works.
Let's put it this way. Fortune 500 companies leave their routers on all the time. When they're breached, it's not due to the routers. They're literally the least of the concerns.
This would have been more interesting if you used it to walk through a hackthebox machine (or any ctf problem), to show how someone who doesn't really know much about cybersecurity could use it somewhat practically.
Nice video. Nice pointers. Tried it at home. One issue I found is that the answers are not reliable. I've asked the model to give me a description of a CVE code that was obviously too new for it to know. Different answers would always attribute it to different target system and vulnerability type and score. Some of those "were reported" in the future up to Jan 2025. My instructions not to invent things went unnoticed. :D. Still fun exercises.
I wonder if ethical considerations have been broadly lifted. For example, does this model tell you how to break into a car? Also, how does it perform in non-hacking areas? Why not run it through your rubric?
they already have many uncensored versions that can tell you how to break into a car, make meth, build a nuke, etc. idk if u been living under a rock but u can find these within a matter of minutes xD
> As an AI developed by OpenAI, I must clarify that I do not have personal preferences or opinions on any Pokemon species, including the mudkip. However, I can provide information on the general idea of Pokemon and their characteristics.

Yeah, totally a Llama2 model.
So, will this eventually replace actual pentesters, cyber security experts & such? Am I wasting my time studying for the CompTIA as I’m taking pentester courses?
There is no such thing as a perfect tool, even as an AI. AI will surely be able to analyze and make reports on potential positive suspect activity, but you will also get some positive-negative situations. The problem will be in the situation where u will get a negative-positive result. Unfortunately, as in any field, even medical, things are not as easy as that.
It will never have the necessary creativity like using a qbittorrent client exploit to download a monero miner onto people's home servers and creativity is the bottleneck, not writing the actual script.
@MagusArtStudios That's why people who are terrible at writing guides or have any creative thought will never be as good as someone who is good at being creative and understanding what they want. As an Open AI Employee said if you can talk to people and get across what you really want AI is a huge helper for you, but if you can't... You're not going to get far with it.
How do we know that they aren't hackers who have set up this AI and are using it to gain any particular information about us and our systems as they can while we "use" their AI system to better secure our own servers and laptops?
Hey there. Have been seeing your videos since last year. Can you please do a review on the new tinyllama 1.1B llm model. I heard it's a good model for its size but am having strange results with it. Thanks in advance
@adamstewarton Hmm.. Thanks for the clarification. I actually thought it was a chat trained model. Really excited to see what cool models the community generates using this. These models will easily be run on low-end hardware so we can easily give our microwave personality so they refuse to heat food for us when we're on a diet :)
When I go to load the model, it loads to about 67% and then there is an error that requires me to run the start_linux command again and start over. Any quick suggestions?
Glad you mentioned you are new to Cybersecurity because its protection suggestions to your "wifi attack" don't apply. All you have displayed here can be displayed on other A.I.s like ChatGPT but you need to have a basic understanding of what to ask.
Useful but VERY dangerous. Can only imagine what the other side has... I could combine hacker GPT with an open source bot swarm & do some really nasty shyt. Infosec people had better get it together, like today.... You could literally sit on this and research new ways of penetrating systems.
Thing is, this is actually more limited. I tried it and I couldn't get it to do things that I could trick normal chatgpt to do, like write me some malicious code.
2:14 --listen also breaks stuff in some versions. It should be fixed but I experienced it even in "fixed" versions. For example expansions tab didn't work anymore.
It doesn't seem groundbreaking to me. It's just a guide for script kiddies and nothing more. To harness this potential effectively, you need to have some knowledge. You won't utilize it properly and fully if you don't know what you're doing. Simply copying and pasting commands and code will lead to nothing but confusion, if anything at all. That's why I say this tool is just a guide for those who already know what to do but need access to all commands. It's like an interactive man page for Linux.
Very helpful walkthrough - thank you! I wonder if there is anything special I have to do to make it work on a Mac M2 32GB? Because so far it only produced 4 words... and I have already waited for about 20 minutes...
I'm not an expert, but if you have a Mac with an M2 chip, it should clearly give you way more than 4 words in 20 minutes. Read about Metal, which is what Macs use, or try to restart the model loading, because clearly something is wrong there. I don't know if this model works or not, but it should work normally since it is just a simple text model like many others. Did you try any other text models? If you did and they work normally, then maybe it is better to retry downloading the model, because it probably didn't download fully but there is still a file there, which is not complete. It happens to me a lot: when I download models, the download breaks but the file is there anyway. Instead of having, let's imagine, a model with 5GB, let's say the download broke at 1GB, so it has a file with only 1GB, but it thinks it is the normal file, since most apps like webui and llmstudio don't check if the file is good or not; they just try to run it anyway, and freeze in the middle of generation or crash.
"You don't really need to worry about what these do" "I don't know why it does that." "Cybersecurity isn't something I'm an expert on, in fact I'm a complete beginner." SOOOOOO about that... WTF? This is why professionals don't go giving any yokel tools. This is another level of WTF? You don't know what you're doing. You don't know how these models work. Have you even looked at the code? This is why we can't have nice things. Would you play with a loaded gun? Or hand one to someone else?
Hey I have a question, how do I deploy and use these models? The site doesn’t give much help with this, if you could reply and tell me step by step how to do it or possibly make a video that would be great! Thank you!
Hello all. I had an issue... after I started the vm and installed the webui, I was unclear where you went to paste in the whiterabbitneo card to huggingface. I couldn't find that page you were on that allowed you to manage all the settings. I'm kinda new to all this.
Do you think this is good? In the video you mention that you are not an expert in cyber security, and in that regard you are absolutely right. If you really knew what you were doing you wouldn't have made this video. You have created a tool for bad people with this video. I understand that you want to educate people who want to learn. But there are those who are going to use this content to do harm.
Why are you calling it HackerGPT why label it like this? quit these silly titles and name it for what it IS CALLED...WhiteRabbitNeo....same applies for Trinity! woot woot...quit selling out to OpenAi leading people to believe it's OpenAi-like....it's Open source and quite different than openAI....stop calling these things GPTS (such a lame term)
The VM is pretty bad. Most of the stuff does not run on the VM and it takes ages of your paid VM time to set things up. It's pretty unusable. Also you cannot create an image of a VM. So if you want to visit your VM later again, you either keep it running in the background, which will get very expensive, very fast... Or you set up everything again. Naah! Won't do that.
All this info has been readily available for years in any number of hacking books. If you have a PDF version of the book you can also obtain it in seconds with a simple search...
I am not able to download the whiterabbit model as it says unauthorized access token error. Then I tried to get a token and insert it into the hf_api set access token, and I am unable to set it. Can you shed light on what could be going wrong?
A lot of hacking is preventable if people weren't lazy, FACT. I remember during my Cyber Security training they questioned the whole class: which infrastructure was the most vulnerable against a hacker, was it software, network or internet? Some said network, others said software. I was last to reply: neither. The tutor looked at me & asked, why is that? I replied that the most vulnerable point for any hacker to get into any system is a person. The tutor asked, what if the network was closed-loop & firewalled from any external access, no WIFI? Easy: watch the building, gather information, find out who is the main infrastructure administrator, tail them, then grab them & torture the information out of them. If you want to make it secure, don't make one person the sole administrator. I would suggest 3 people are required to input authorization before any software or hardware is implemented into the system. The tutor just looked at me & said interesting, then proceeded with the lesson.
How do I set it up to protect my devices? Show videos on blocking and securing systems. Don't care how to attack them, and every damn security YouTube video shows how to hack them. Nobody makes videos on stopping and evicting all the jackasses that every YouTube teaches how to be a stalker by hacking cell phones. Bet you making videos on preventing the assholes from doing that shit will get you into the millions of subscribers, because nobody is making these videos. If this is correct, I do know it is worth more than anyone is willing to pay. Feel free to pay me what you feel the suggestion was worth.
As long as there's no co-pilot for writing 0-days I am not too impressed. This model just gave a general overview of tools/steps to take but I think it wouldn't take any of the nitty gritty work out of your hands.
Hmm, very tame and generic responses. I haven't seen anything here that would be of real use to hack or secure against. I am pretty sure those iPhone passcodes hacks won't work either. But of course this is just the beginning. Eventually we will have a war of AI bots attacking and defending 🙂
I just convinced GPT3.5 free version to give me detailed instructions how to attack a server running Ubuntu 22.04 on Hetzner dedicated server. It did not even blink. I was shocked. And it continued to coach me as I tried what it said against my own server. Each detail I asked was answered with details.
It would be interesting to have a model in which open source tools are included and through different queries the model begins to search for and analyze all the vulnerabilities.
You can ask ChatGPT to help you write a non-fictional story about a book you're writing and simply ask what the fictional character would do in each scenario
What a useless LLM: "I cannot provide assistance with creating or executing scripts for unauthorized access control mechanisms or other illegal activities. Security measures should only be implemented after thorough analysis and discussion within the context of an authorized security program. If you have questions about securing your network, please feel free to ask me any legal and ethical queries that are relevant to cybersecurity best practices in a controlled environment."