Penetration Testing using AI

I had a dream last night about a training course called “Penetration Testing using AI” and where the Kali command line prompt was replaced by ChatGPT 4. The course was admitting anyone from the street, and advertising a “One day course to hack the planet. Guaranteed success or your money back!”

But, perhaps it wasn’t a dream and will become a reality for our adversaries. Be ready for the onslaught. Over the years, we have generally discounted script kiddies, as they tended not to have too much in-depth knowledge of the protocols and systems they were attacking. Overall, they were running scripts which could easily be detected by our monitoring tools, as they had well-known signatures.

Like it or not, the script kiddies are back, and now they will be more powerful than any human brain. Companies need to invest in defences now, or risk the whole company becoming exposed to the world. The days of spotting nieve spear phishing attackers with poor grammar and bad spelling are receding fast. As defenders we will need new skills and new tools to defend against the rise of the “superintelligent script kiddie”. The whole of the cybersecurity industry will have to raise their knowledge and skills up a few more levels.

Here is our review of some of the methods that our adversories could use [here]: