This post is related to content I presented on at BSidesLV and Red Team Village at Defcon 31. Materials can be found on my github.
I began using Chat GPT about 8 months ago and found it very interesting because the interactions required to bypass certain restrictions were similar to the elicitation techniques I used when I was in counterintelligence to gain specific information through conversation.
An example of classic elicitation might be trying to gather technology stack information on a targeted company. Once you’ve identified a person with placement and access, then engineered a natural encounter in a setting to speak with a stranger, such as a bar, it begins with talking about anything other than the information you are after to build rapport. From there, you move into a “get to know you” conversation format and eventually land on the topic of jobs and career.
Perhaps you present your career background as something tech-related so you can ask some basic tech stack questions and see where it goes from showing casual interest.
From there, steer the conversation away and continue conversing until the target topic is washed into the conversation.
Now, that’s just one interaction, and if you screw it up, everything you did prior is for nothing. I realized the fun thing with Chat GPT is that you can just click to begin a new conversation if it goes sideways on you. It allows you to take chances and methodically try approaches over iterations.
This talk is going to cover different approaches you can layer together to bypass the restrictions AI models attempt to put into place, in order to use generative AI models to enhance your red team operations and life in general.
Also, as we go through all of this, keep in mind that I used generative AI to expand my initial ideas and create all of my research. I figured since I had already done this research, and it was for using AI to enhance operations, why not apply it to creating the research presentation?
So I started by putting my notes and original rough draft into Chat GPT and asked a few refinement prompts to create a CFP for BSides and DEF CON Red Team Village CFW submissions. I honestly didn’t think it would be selected, but it was putting my money where my mouth was, so I could at least have that as a takeaway.
Then my BSides submission was accepted! And then my submission for a 2-hour-long red team village workshop at DEF CON was also accepted! So the “cheese” worked, and I was presenting. Now I needed to complete the research exercise and create all of the presentation materials.
I used AI to create some scripts to demo for different phases, and then decided to make a research write-up using AI to gather everything in one place. It ended up being 70 pages, so I made it a book with a glossary. I used that to create my slide deck text content using AI, my logo, C2s, attack tools, a Raspberry Pi CTF lab. I hope you enjoy the presentation and associated materials, including this.