This AI Tool can Auto-Hack Websites (kinda)
- Added 2. 06. 2024
- Learn Hacking for Less than $1 a Day 👉 seytonic.cc/TCMSecurityAcademy
0:00 Intro
0:17 This AI Tool can Auto-Hack Websites (kinda)
4:27 North Korea's Latest Money Making Scheme
6:52 Ring Paying $5.6M in compensation
Sources:
The research paper arxiv.org/pdf/2404.08144.pdf
www.darkreading.com/threat-in...
www.theregister.com/2024/04/1...
go.theregister.com/feed/www.t...
North Korean Internet Blog nkinternet.wordpress.com/about/
www.38north.org/2024/04/what-...
www.rfa.org/english/korea/nko...
www.ftc.gov/system/files/ftc_...
www.ftc.gov/news-events/news/...
===============================================
My Website: www.seytonic.com/
Follow me on TWTR: / seytonic
Follow me on INSTA: / jhonti
=============================================== - Entertainment
Make your website with AI and hack it with AI for pen testing. This has gone beyond the point of stupidity
Résumé: made by AI
Website you pentest: made by AI
The pentest: performed by AI
The documentation of said pentest: written by AI using a template
I'm feeling a bit lazy, can AI open the bank account for my salary?
AI makes website with AI, AI uses AI to pen test the AI built website.
Just got an ad by an international manufacturing firm bragging about their new Quality Control Process. It's an AI playing "where is waldo" with bad solder joints. It has been trained on images of good and bad solder joints. Which have been generated by a different AI, using only a handful of original images. So, yeah, if your German-made(tm) electronics turn into a firestorm, rest assured the AI was satisfied with its results.
"I know how to hack now! What? Explain how I did it? Hold on, lemme ask my AI waifu."
I don't get it
The "You only have 30 days to claim your coins" is just an incredible thing to happen considering all the scam emails that use this type of time pressure methods portraying exactly as PayPal, this is going to be a shitshow.
All of that just for them to keep the money smh, I guarantee you most Ring doorbell owners haven't even heard of these events so they'll miss out on the money.
5.6 Million Dollars paid out from Ring? Gee willikers, wowie! Their parent company is only worth over a trillion dollars, justice served 🥰🥰🥰
It's like one of us being fined a late return fee, for a film rented from blockbuster...
actually there was a reddit post where a guy pinged his article about how this paper and the high percentage of success "could" be misleading. hoping that is mentioned in the video here.
EDIT: i think that info isn't added here, i do recommend reading that article. i'll ping here if i find
Yep, the type of vulnerabilities wasn’t representative. Still crazy nonetheless
@@Seytonic yes, imagine this same thing a few y̶e̶a̶r̶s̶ months down the line...
Any luck finding?
Top comment, 3 hours later and no source 😅 random guy or random AI company investor
good source of the reddit post…
5.6 million for billion+ dollar company.. 100% fair and justice xD
To be fair, $5m is a lot of money considering that the company doesn't actually have billions in cash right now. It likely has much less and the billion dollar value is only its market cap which is different.
It's highly likely Ring only has hundreds of millions in cash, where a $5m fine is NOT a slap on the wrist, but more a school lunch detention so to speak
Trillion
Just from a quick scan of the research paper it appears anything achieved with GPT here could equally be achieved with a regular custom written tool for exploring any one of those vulnerabilities (with the added benefit of not needing to pay anything beyond electricity/hosting costs). The paper also says that even for GPT-4 as soon as you remove the CVE description the success rate drops from 87% to 7%.
But if you added dark web access to the AI I assume the success rate would be higher
@@Xnoob545 how would giving it access to the tor network make it a higher chance lmao
@PankyGD it would allow it to buy exploit code
@@reabstraction yes so you can feed your AI with 200k start capital to buy useable exploit
The Spøñsør starts at 3:34 and ends at 4:26
???
use sponsor block LOL
it's literally in the chapters
aut0m0d@@samudotlol
@@cosmos2382 true
What is scary isn't the AI, but the people that make vulnerable systems despite the public databases and unemployed security professionals
I would know this well.. the industry only hires once they get a breach, usually...
"hack into websites" to my understanding, the 87% success involved a lot of XSS attacks which isn't exactly "hacking" and is something anybody, AI or not, could learn to do the basics of in an afternoon
good point, but "hacking" has never had a good definition since it was used in the MIT Railroad Club. Specific terminology from professional pentesting should be used in cases like this.
Best sponsor ever, thank you so much
That ain't gonna go well
Fr😂
You’re absolutely right. With computers, anything is possible. It’s only a matter of time before stuff like this becomes even more sophisticated and the internet will never be the same again.
wow that ring segment came out of nowhere, enjoyed this one
I feel like AI will always have a predictable pattern to follow, which will make it easy to defend against it. Just the landscape changing.
Ring (and other camera manufacturers) should include an offline mode that lets their cameras save everything to a local NAS. Any camera system that doesn't is a piece of junk.
6:04 clerks cartoon tv series turns out to have been a prophecy lol
"If you clicked on this video for an AI tool that turns you into a hacker" No, Seytonic... that's why I clicked on your videos 2 years ago. Then I learned that that's not possible, and now I'm stuck here with you, vibing to security research on CZcams, have a good day sir.
crazy stuff always good as normally
The AI agents with a code interpreter is something I've been tempted to try but, honestly, I dread to think what it'd get up to and it'd execute faster than I could keep up.
Could try it in a VM or test machine that is heavily restricted
@@JustARegularNerd I should have added "and the Internet". The AI interpreters will very often try and download tools they need to do things, so it wouldn't work without Internet access.
Hi Seytonic, When did TCMSecurity get started as a training outfit? Where is their registered headquarters? Where can I find their annual financial returns 'before' spending money, please? Thanks for the info. Links not accepted for obvious reasons. Just reply to this comment, tell me info what and where to search... it's easier and, transparent. :-) Thanks.
Try using Google
wonder how the latest llama3 70b or rumored 400b will stack up to this task
Meta ai used to generate CP is just crazy
3:22 "FBI guy, hes right there, grab em!"
good stuff
I knew Ring was a sketchy idea to begin with, especially not having it open source
that is why you don’t install ring doorbell in a bathroom. lol
While true, this is victim blaming. Ring is entirely in the wrong here, their customers should be able to use their cameras as they see fit in their own homes, without employees having unfettered access.
Fr 😂
ironically.. the guy who found the google's mini voice assistant device in his bathroom was recording him 24/7 and giving metadata of his bathroom time to their server in 2022
If we look at the tested LLMs. There's a problem with this. All of those are various fine tunes and variations of much smaller local models. What we aren't seeing in the tested AI models are Gemini, Claude, or co-pilot, which are more on par with GPT-4. The remainder of those models are barely capable of holding a decent conversation without losing coherence. I mean sure they can somewhat but a far cry from GPT-3.5 even.
On minecraft servers we use baritone to auto raid bases that sell crap for real money on discord.
In shooters I use an AI to predict the tactics of the enemy team, essentially auto-commanding my side of the battle.
It was only a matter of time.
Riester
dang but now the credential stuffers are gonna stuff the emails for the 50 bucks. For. Every. Single. Account.
7:43 hehehe thats tom and jerry
Insert Project 2501 reference here
I appreciate that you recognize that committing international financial crimes is not necessarily something DPRK would be doing for fun if they weren't under sanctions.
One step closer to AI Wars in Cyberspace
8,80$ is nothing on the OpenAI API. I've spent 100s for simple scripts that build code or think step by step. 8,80 is cheap af, it just means the cheaper upcoming options that will be capable of it like llama 4 etc will do it basically for free and locally
Seeing as to HIRE a hacker would cost considerably more, I'd say people would be willing to pay for that kind of research.
This is Whats next, show your skills?
1. CodeCraft Duel: Super Agent Showdown
2. Pixel Pioneers: Super Agent AI Clash
3. Digital Duel: LLM Super Agents Battle
4. Byte Battle Royale: Dueling LLM Agents
5. AI Code Clash: Super Agent Showdown
6. CodeCraft Combat: Super Agent Edition
7. Digital Duel: Super Agent AI Battle
8. Pixel Pioneers: LLM Super Agent Showdown
9. Byte Battle Royale: Super Agent AI Combat
10. AI Code Clash: Dueling Super Agents Edition
"Regime" watch Loyal citizens of Pyongyang in Seoul
we can only hope that the eu and the us tighten their laws on ai
Remember god's eye from fast and furious it's gonna happen
my pentesting career has ended before it even started
😂
Imagine: "this video is sponsored by blackhats"😂
Every new AI development just proves Ned Ludd was right from the start.
I don't see why the production companies would have an issue when the animation industry is basically North Korea anyway
Script kiddies at a new level
I'm genuinely worried about the future of cybersecurity as a career with the development in AI... Is it even worth pursuing this field anymore? Can someone please answer my question.
I’ll put it this way, every career is at risk with AI. We also always have a moment in industries where we think, “This is it, it’s over.” Then we realize it was just a change, not a means to an end.
why not you just gotta be willing to adapt and use new tools
Probably. I don't think anyone sensible is willing to put actual important confidential information under the control of AI without oversight. They aren't going to let the nuclear launch codes be protected by just an AI, simply because having control is important. The landscape may shift, but I don't think cybersecurity will be a solved problem with AI. It will likely just shift into a different form (though it might very well make the job market more competitive).
@@the-answer-is-42 i doubt that there is still a MASSIVE shortage of qualified workers so if ur a Specialist at something i doubt you gotta worry for your job
lets say your fears are true and it happens at the end you need somebody who sets up the machine
HELLO!
ROBOT WARS ARE STARTING LETS GOOOOOOOOOO
That's what the years of them seeing your bodies and eyeing you down, judging you, and invading your privacy is worth: 50. Dollars.
Yeah if this was in Germany, the company would bankrupt to pay it off.
The people affected would have made more money charging the dirty gits a subscription to OnlyFans for the same content... Disgusting really...
cool
👍
content farm
Naaah😮
Isn't giving AI access to the internet dangerous?
💌🇨🇦
:v
AI is going to revolutionize the pentesting space
no.
I'll play you in rock paper scissors for your account 💎🧻✂️
Wow you buy actual corporate spyware and you’re surprised they used it? Maybe dont buy corporate spyware
HackerNewsImma1st
Don't take my comments seriously. It's only a meme
So why not allow N Korean do honest work. Instead of pushing them to destructive IT hazards?
It's sad that North Korea cannot even participate in the creation of internationally popular art.
These sanctions are so restrictive and hurt the country's abilities to even get enough food imported.
interesting profile and comment choice the weeb feels deep sadness of the struggles of the north Korean animators, I wonder what made him feel this.
womp womp
womp womp
"womp womp". Imagine if your country had recently freed itself from colonial occupation and then had imperialist powers carve up your country to install a fascist dictator to exert control, then, when a civil war breaks out made the entirety of the UN invade the half of your country that is actually democratically ruled, killing 3 MILLION of your people and completely leveling almost that whole half, and then being completely put on embargo by the non democratic world cursing your country to be extremely poor
ahhh TSM. the only place you can get your PPPP, PEDP, PCCP, PHCP, PHPP, PQET, PCET, PCST.....
Ai is just a bunch of indians who have been trained to type and create images very fast___
Good sponsor. He follows me on Twitter
Bro, it was extremely unnecessary to constantly compare the AI tool with script kiddies at the beginning because everyone is interested in this kind of technology because it's simply extremely exciting. And secret services are also interested in such technology.
Yep my Account or this comment is shadow banned. Thx to you Seytonic
I'm Shadow banned thx 👍
Fun Fact: The screen at 3:30 appears to be a game I played a while ago called Hacknet. Highly recommend playing it if a hacking game sounds interesting. May not be everyone's cup of tea, but it's pretty noice.
Any recommendations for private email? Is Tutanota a great choice?
Initializing
Automagic-hack complete
Holy hell north korea based
agentgpt was just the tip of the iceberg, there are many different agent frameworks that are 1000x better
Can you list a few?
@Leo-sd3jt nah he's probably just parroting. Wanted to come here and sound like a big smart man. Not actually add anything useful to the conversation or give anyone a head's up on wtf he's referencing.
@@glytchd not at all. There's agencyswarm, autogpt, I can't remember the names of every framework
@@Leo-sd3jt there's agencyswarm, autogpt and autogen I think. Many more
First
Just glided into that TCM Security ad, like a ninja in the night..... 🫡
I didn't notice the sponsor until you mentioned it. It was skipped automatically 🤷‍♂️