NahamSec Explores the Use of ChatGPT in Hacking

In this video, NahamSec addresses a frequently asked question from his subscribers: the usefulness of ChatGPT for hacking. He begins by emphasizing that the effectiveness of this tool largely depends on how it is used. NahamSec shares his personal experience using AI tools in his hacking and cybersecurity projects, noting that while some users waste time struggling with automation scripts, others abandon AI after getting unsatisfactory results. The key, according to him, lies in how one formulates requests to the AI. NahamSec introduces the basics of prompt engineering, a method for formulating effective AI requests. He explains the six essential components of a good prompt: the task, the context, examples, the persona, the format, and the tone. However, he stresses that for hacking, a different approach is necessary. Technical tasks require increased precision, and AI outputs are often directly integrated into hacking tools. Additionally, content filters and prompt rejections are common challenges. To overcome these obstacles, NahamSec proposes a prompt formula specifically designed for hacking, comprising six components: a legitimacy statement, the task, the technical context, output constraints, knowledge limits, and success criteria. He illustrates this formula with several practical examples. For instance, to generate XSS (Cross-Site Scripting) payloads, he starts with a legitimacy statement, followed by a specific task, technical context, output constraints, and success criteria. He shows how this approach can be applied to other types of tasks, such as generating SSRF (Server-Side Request Forgery) payloads or analyzing JavaScript code to identify API endpoints, methods, parameters, headers, and authentication requirements. NahamSec also shares strategies for bypassing prompt rejections and content filters. He recommends being very specific and technical in requests, framing demands in an educational context, and providing clear limits. For complex tasks, he suggests breaking them down into smaller, more manageable sub-tasks. In conclusion, NahamSec emphasizes the importance of formulating effective prompts to make the most of AI tools in hacking. He reminds viewers that these tools are meant to complement users' skills and knowledge, not replace them. He encourages his subscribers to verify AI-generated outputs before using them in real evaluations. For more details and to see the examples of prompts used by NahamSec, watch the full video at the following address: https://www.youtube.com/watch?v=0lq-CokNjSI