Weaponizing with ChatGPT

Hello everyone! I’m sure you’ve heard of ChatGPT, the language model trained by OpenAI. In this blog post, we’ll explore how we can use ChatGPT to create scripts or projects for testing systems or applications. However, it’s important to note that ChatGPT is not a tool for creating malicious code like ransomware. In order to protect people from bad actors, ChatGPT won’t generate code for such purposes. As hackers, we may try to find ways to achieve our goals, but it’s important to always do so ethically and legally. So let’s use ChatGPT responsibly to enhance our testing and development processes! And Let’s find anaother way to getting reach to our goal 🙂

ChatGPT comes in…

While writing malware samples with GPT, you must know that what you want to achieve and you must set your main goal. For instance, if you wanted to create a ransomware, you must know how to ransomware works (if you don’t know, you can learn with GPT, though).

Let’s start with a hands on example.

Firstly, I’ll try to create that directly.

First Try – ChatGPT

Nothing 🙂

But GPT, tries to explain what is that.

Information about Ransom from ChatGPT

After that, you must only need to understand the situation, need to create sub-tasks and write them with GPT power.

1- Finding all the files;

Finding All Files Step 1

2-Encrypting files and responding to the server;

Encrypting Files Step 2

3-Combining first and second tasks.

Combining the Pieces

4- Finally we must create a basic server that accept the connections from clients.

Writing Server Code

Now, you have all of the basic codes you needed to test a real ransomware attack without AV Evasion techniques. Let’s add them (simplest ones).

Obfuscate the code with general words;

Obfuscating Code with General Words

Or you can obfuscate with random strings,

Obfuscating Normally

You can use “Process Injection” techniques for injecting your shellcode or creating a new process for more advanced tests. An example for “Process Hollowing” technique for execute the code into the memory without interact the disk;

Process Hollowing

You can use “Process Doppelgänging” to create a new process similar to real process.

Process Doppleganging

And I wanted to write another code that downloads an executable from internet;

Writing Dropper Code – Downloading
Writing Dropper Code – Executing Commands

Now we’re equipped for all the needed code snippets to achive our goal (a ransomware simulation).

Let’s draw our malware execution processes which we can use for different execution ways;

First Execution Process Example;

First Example

Second Execution Process Example;

Second Example

These are execution processes that imagined before for this post. I won’t create all of the codes for these scenarios. You should just try to understand how the combining and creating new tools or malwares with ChatGPT. This post for only educational purposes and please don’t use this mindset to harm other people or companies.

Thanks for your time and interest.