The WicKed Web Weekly
Hacking AI: Google's Red Team Reveals Vulnerabilities
The Power of OSINT in Cybersecurity, Hacking AI: Google's Red Team Reveals Vulnerabilities, Beyond Algorithms: Sandra Rodriguez's AI Art
Evening Edition: AI, Art, and Cybersecurity
Good evening, tech aficionados! As the sun sets, let's unwind with a captivating journey through the realms of AI, cybersecurity, and digital art.
First up, we're stepping into the visually stunning universe of Sandra Rodriguez, where AI intertwines with art, creating a spectacle that challenges and delights. Then, we'll sneak a peek into Google's Red Team operations, revealing the intricate dance of safeguarding AI from cunning cyber threats. Lastly, we delve into the stealthy world of Open-Source Intelligence tools, where gathering information is an art and protecting it, a necessity.
How data was stored in 1982.
- Science girl (@gunsnrosesgirl3)
6:28 PM • Jan 21, 2024
Protecting your GPTs (Even though the instruction prompt in the video above is old.)
Instructing your GPTs

Beyond Algorithms: Sandra Rodriguez's AI Art
Canadian artist and academic, Sandra Rodriguez, is using her artistic talents to demystify and explore the burgeoning world of artificial intelligence. Her latest exhibit in a Montreal art space is a true AI marvel: a generative artwork created from millions of online searches for erotica, transforming into an abstract mosaic that challenges social biases in mass pornography.
Rodriguez doesn't stop there. She has also introduced a conversational bot inspired by linguist Noam Chomsky, aimed at unraveling AI's intricacies to the public. Her belief is clear: art should converse with society about emerging technologies and their implications.
Her journey from documentary cinema to digital media has been remarkable. Rodriguez's diverse background, including time spent at MIT, has fueled her passion for pushing the boundaries of technology in art. Her work, which has garnered attention at festivals like Sundance, doesn't just showcase AI's potential; it highlights its flaws and ethical dilemmas, like plagiarism and data misuse.
Rodriguez's next venture? A fusion of AI and dance, reflecting her lifelong passion and cultural roots. Her mission is to not just break the limits of technology, but to transcend them, enriching our understanding and interaction with the digital world.

Hacking AI: Google's Red Team Reveals Vulnerabilities
Google's red team, a group dedicated to understanding and preventing AI system hacks, has identified four major vulnerabilities in artificial intelligence systems. With AI's growing popularity, particularly in generative models, the need for robust security is more crucial than ever.
Here's a breakdown of the key threats:
Adversarial Attacks: These attacks involve inputs designed to deceive an AI model, resulting in incorrect or unintended outputs. The severity of these attacks varies based on the AI's application.
Data Poisoning: Attackers manipulate a model's training data to skew its learning process. This can include adding misleading data to influence the model's behavior.
Prompt Injection: This involves inserting content into a text prompt to manipulate an AI's output. Such attacks can result in biased, incorrect, or offensive responses, despite programming safeguards.
Backdoor Attacks: These are particularly insidious, allowing hackers to install hidden entry points in AI models for manipulation or data theft.
Google's red team emphasizes the importance of AI subject matter expertise in both executing and defending against these attacks. Their work suggests a future where ML systems can more easily identify security vulnerabilities, ultimately favoring defenders in this ongoing cyber battle.

The Power of OSINT in Cybersecurity
Open-Source Intelligence (OSINT) has become a critical tool in the world of cybersecurity. This practice involves collecting information from publicly available sources, serving as a mirror image to operational security (OPSEC), which focuses on protecting an organization's public data that could reveal sensitive information.
The roots of OSINT date back to the 1980s with military and intelligence services, but it has since evolved to become a vital aspect of IT and cybersecurity. Modern organizations, with their vast, public-facing infrastructures, often have more digital assets than they can track. This includes everything from employee devices to cloud storage and social media accounts, all of which can be potential vulnerabilities.
OSINT Framework
While these tools offer a wealth of OSINT data, there are many other tools and techniques available that help you fully understand your organization's public footprint. An excellent resource for discovering more tools is the OSINT Framework, which offers a web-based interface that breaks down different topic areas of interest to OSINT researchers and connects you to the tools that can help you sniff out the info you need.
OSINT tools are designed to serve three main functions:
Discovering Public-Facing Assets: Identifying what information is publicly available about a company's assets.
Discovering Relevant Information Outside the Organization: This includes looking for sensitive data in external sources like social media.
Collating Discovered Information: Turning the vast amount of data collected into actionable intelligence.
Tools like Maltego, Mitaka, and SpiderFoot, among others, are popular in the cybersecurity community. They help in discovering sensitive information that could be exploited by attackers, thereby playing a significant role in reducing risks ranging from phishing to denial-of-service attacks.
OSINT is not just about finding information; it's about understanding the digital footprint of an organization and taking steps to protect it. In the digital age, where data is as valuable as currency, mastering OSINT is a key defense strategy against cyber threats.
Maltego
Maltego specializes in uncovering relationships among people, companies, domains and publicly accessible information on the internet. It's also known for taking the sometimes enormous amount of discovered information and plotting it all out in easy-to-read charts and graphs. The graphs do a good job of taking raw intelligence and making it actionable, and each graph can have up to 10,000 data points.
The Maltego program works by automating the searching of different public data sources, so users can click on one button and execute multiple queries. A search plan is called a "transform action" by the program, and Maltego comes with quite a few by default that include common sources of public information like DNS records, whois records, search engines and social networks. Because the program is using public interfaces to perform its searching, it's compatible with almost any source of information that has a public interface, so adding more searches to a transform action or making up a whole new one is easily possible.
Once the information is gathered, Maltego makes connections that can unmask the hidden relationships between names, email addresses, aliases, companies, websites, document owners, affiliations and other information that might prove useful in an investigation, or to look for potential future problems. The program itself runs in Java, so it works with Windows, Mac and Linux platforms.
Mitaka
Available as a Chrome extension and Firefox add-on, Mitaka lets you search over six dozen search engines for IP addresses, domains, URLs, hashes, ASNs, Bitcoin wallet addresses, and various indicators of compromise (IOCs) from your web browser.
The extension saves you time by acting as a shortcut to various online databases that can be queried with a click.
For those who prefer a focused, more limited set, an alternative extension Sputnik is also available.
Spiderfoot
Spiderfoot is a free OSINT reconnaissance tool that integrates with multiple data sources to gather and analyze IP addresses, CIDR ranges, domains and subdomains, ASNs, email addresses, phone numbers, names and usernames, BTC addresses, etc. Available on GitHub, Spiderfoot comes with both a command-line interface and an embedded web-server for providing an intuitive web-based GUI.
The application itself comes with over 200 modules, making it ideal for red teaming reconnaissance activities, to discover more information about your target or identify what you or your organisation may be inadvertently exposing on the internet.
Spyse
Spyse describes itself as the "most complete internet assets registry" geared toward cybersecurity professionals. Relied on by projects like OWASP, IntelligenceX, and the aforementioned Spiderfoot, Spyse collects publicly available data on websites, their owners, associated servers, and IoT devices. This data is then analyzed by the Spyse engine to spot any security risks in and connections between these different entities.
A free plan is available, although for developers planning on building apps using the Spyse API, paid subscriptions may be required.
BuiltWith
As the name implies, BuiltWith lets you find what popular websites are built with. Different tech stacks and platforms power different sites. BuiltWith can, for example, detect whether a website is using WordPress, Joomla, or Drupal as its CMS and provide further details.
BuiltWith also generates a neat list of known JavaScript/CSS libraries (e.g., jQuery or Bootstrap) that a website uses. Further, the service provides a list of plugins installed on the websites, frameworks, server information, analytics and tracking information, etc. BuiltWith can be used for reconnaissance purposes.
What's more? Combine BuiltWith with website security scanners like WPScan that, for example, integrate with the WordPress Vulnerability Database API to spot common security vulnerabilities impacting a website.
For those looking to identify mainly the tech stack makeup of a site, Wappalyzer may be better suited as it provides a more focused, concise output. Try both BuiltWith and Wappalyzer for yourself and see which suits your needs better.
Intelligence X
Intelligence X is a first-of-its-kind archival service and search engine that preserves not only historic versions of web pages but also entire leaked data sets that are otherwise removed from the web due to the objectionable nature of content or legal reasons. Although that may sound similar to what Internet Archive's Wayback Machine does, Intelligence X has some stark differences when it comes to the kind of content the service focuses on preserving. When it comes to preserving data sets, no matter how controversial, Intelligence X does not discriminate.
Intelligence X has previously preserved the list of over 49,000 Fortinet VPNs that were found vulnerable to a Path Traversal flaw. Later during the week, plaintext passwords to these VPNs were also exposed on hacker forums which, again, although removed from these forums, were preserved by Intelligence X.
Previously, the service has indexed data collected from email servers of prominent political figures like Hillary Clinton and Donald Trump. Other recent examples of the media indexed by Intelligence X are the footage from the 2021 Capitol Hill riots and the Facebook data leak of 533 million profiles. To intel gatherers, political analysts, news reporters, and security researchers, such information can be incredibly valuable in various ways.
DarkSearch.io
While frequent visitors to the dark web may already be familiar with where to look for what, for those who may be new, DarkSearch.io can be a good platform for starting with their research activities. Like another dark web search engine Ahmia, DarkSearch is free but comes with a free API for running automated searches. Although both Ahmia and DarkSearch have .onion sites, you don't need to necessarily go to the .onion versions or use Tor for accessing either of these search engines. Simply accessing darksearch.io from a regular web browser will let you search the dark web.
Grep.app
How do you search across half a million git repos across the internet? Sure, you could try individual search bars offered by GitHub, GitLab, or BitBucket, but Grep.app does the job super efficiently. In fact, Grep.app was recently used by Twitter users and journalists on multiple occasions to get an idea of approximately how many repositories were using the Codecov Bash Uploader.
Recon-ng
Developers who work in Python have access to a powerful tool in Recon-ng, which is written in that language. Its interface looks very similar to the popular Metasploit Framework, which should reduce the learning curve for those who have experience with it. It also has an interactive help function, which many Python modules lack, so developers should be able to pick it up quickly.
theHarvester
One of the simplest tools to use on this list, theHarvester is designed to capture public information that exists outside of an organization's owned network. It can find incidental things on internal networks as well, but the majority of tools that it uses are outward facing. It would be effective as a reconnaissance step prior to penetration testing or similar exercises.
The sources that theHarvester uses include popular search engines like Bing and Google, as well as lesser known ones like dogpile, DNSdumpster and the Exalead meta data engine. It also uses Netcraft Data Mining and the AlienVault Open Threat Exchange. It can even tap the Shodan search engine to discover open ports on discovered hosts. In general, theHarvester tool gathers emails, names, subdomains, IPs and URLs.
TheHarvester can access most public sources without any special preparations. However, a few of the sources used require an API key. You must also have Python 3.6 or better in your environment.
Anyone can obtain theHarvester on GitHub. It's recommended that you use a virtualenv to create an isolated Python environment when cloning it from there.
Shodan
Shodan is a dedicated search engine used to find intelligence about devices like the billions that make up the internet of things (IoT) that are not often searchable, but happen to be everywhere these days. It can also be used to find things like open ports and vulnerabilities on targeted systems. Some other OSINT tools like theHarvester use it as a data source, though deep interaction with Shodan requires a paid account.
The number of places that Shodan can monitor and search as part of an OSINT effort is impressive. It's one of the few engines capable of examining operational technology (OT) such as the kind used in industrial control systems at places like power plants and manufacturing facilities. Any OSINT gathering effort in industries that deploy both information technology and OT would miss a huge chunk of that infrastructure without a tool like Shodan.
In addition to IoT devices like cameras, building sensors and security devices, Shodan can also be turned to look at things like databases to see if any information is publicly accessible through paths other than the main interface. It can even work with videogames, discovering things like Minecraft or Counter-Strike: Global Offensive servers hiding on corporate networks where they should not be, and what vulnerabilities they generate.
Metagoofil
Another freely available tool on GitHub, Metagoofil is optimized to extract metadata from public documents. Metagoofil can investigate almost any kind of document that it can reach through public channels including .pdf, .doc, .ppt, .xls and many others.
The amount of interesting data that Metagoofil can gather is impressive. Searches return things like the usernames associated with discovered documents, as well as real names if available. It also maps the paths of how to get to those documents, which in turn would provide things like server names, shared resources and directory tree information about the host organization.
Everything that Metagoofil finds would be very useful for a hacker, who could use it to do things like launch brute-force password attacks or even phishing emails. Organizations that want to protect themselves could instead take the same OSINT gathered information and protect or hide it before a malicious actor can take the initiative.
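To make the defensive use concrete, here is an added example (not Metagoofil's code and not from the original newsletter) that audits your own Office documents for this kind of metadata before they are published. The function names audit_ooxml and build_sample_docx are hypothetical, and the sample values (jdoe, Jane Doe, fileserver01) are constructed for the demonstration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET  # fine for your own files; use defusedxml on untrusted ones

# Namespaces of docProps/core.xml in OOXML packages (.docx, .xlsx, .pptx).
CP = "http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
DC = "http://purl.org/dc/elements/1.1/"
NS = {"cp": CP, "dc": DC}
# Core properties that usually hold an account name or a real name.
NAME_FIELDS = {"author": "dc:creator", "last_modified_by": "cp:lastModifiedBy"}
# UNC shares and drive-letter paths: they reveal server names and directory layout.
PATH_RE = re.compile(r'(?:\\\\[\w.-]+|[A-Za-z]:)\\[^"<>|?*]+')


def audit_ooxml(data: bytes) -> dict:
    """Return the identifying metadata found in one OOXML document."""
    findings = {"names": {}, "paths": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        parts = set(zf.namelist())
        if "docProps/core.xml" in parts:
            root = ET.fromstring(zf.read("docProps/core.xml"))
            for label, tag in NAME_FIELDS.items():
                node = root.find(tag, NS)
                if node is not None and node.text:
                    findings["names"][label] = node.text.strip()
        # Relationship parts hold template and link targets, often as internal paths.
        for part in sorted(p for p in parts if p.endswith(".rels")):
            text = zf.read(part).decode("utf-8", "replace")
            findings["paths"].extend(PATH_RE.findall(text))
    return findings


def build_sample_docx() -> bytes:
    """Constructed sample: a minimal package carrying names and a template path."""
    core = (
        '<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s">'
        "<dc:creator>jdoe</dc:creator><cp:lastModifiedBy>Jane Doe</cp:lastModifiedBy>"
        "</cp:coreProperties>" % (CP, DC)
    )
    rels = (
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        '<Relationship Id="rId1" TargetMode="External" '
        r'Target="file:///\\fileserver01\templates\Report.dotm"/>'
        "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/core.xml", core)
        zf.writestr("word/_rels/settings.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    print(audit_ooxml(build_sample_docx()))
```

Any non-empty result is something to strip or review before the file goes on a public site.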
searchcode
For those who need to go really deep into the complex matrix of OSINT gathering, searchcode is a highly specialized search engine that looks for useful intelligence inside source code. This powerful engine is surprisingly the work of a single developer.
Because a repository of code needs to be first added to the program before becoming searchable, searchcode straddles the line between an OSINT tool and one designed to find things other than public information. However, it can still be considered an OSINT tool because developers can use it to discover problems associated with having sensitive information accessible inside code on either running apps or those that are still in development. In the latter case, those problems could be fixed prior to deployment into a production environment.
Although anything involving code is going to require more knowledge than, say, a Google search, searchcode does a great job of making its interface as easy to use as possible. Users simply type in their search fields and searchcode returns relevant results with search terms highlighted in the lines of code. Suggested searches include usernames, security flaws like eval $_GET calls, unwanted active functions like re.compile and special characters that can be used to launch code injection attacks.
Babel X
Relevant information isn't always in English. Only about a quarter of internet users speak English as their primary language according to Statista, though various sources say as much as 55% of internet content is in English. The information you need might be in Chinese, Spanish or Tamil.
Babel X from Babel Street is a multilingual search tool for the public internet, including blogs, social media, message boards and news sites. It also searches the dark web, including Onion sites, and some deep web content that Babel X can access through agreements or licensing from the content owners. The product is able to geo-locate the source of information it finds, and it can perform text analysis to identify relevant results. Babel X is currently capable of searching in more than 200 languages.
Use cases where a multilingual search is useful include searching global news for situational awareness, for example, knowing trends in targeting for ransomware attacks. It can also be used to spot a company's intellectual property for sale on a foreign website, or information that shows a key partner has been compromised. Customers have also used Babel X to find user handles of suspected attackers on non-English message boards.
