Posts

Expanding the Boundaries of ChatGPT with LangChain - Part Two

Image
  In huge ChatGPT news this week, they rolled out web browsing capability and plugins for ChatGPT Pro subscribers. That will be what I blog about next week, but for now, I wanted to post part two of looking at LangChain. In part one of this series, we explained that LangChain was a framework of connectors that allows us to use our code to tie together data and large language models (LLMs) like ChatGPT. The new ChatGPT browsing capabilities add a lot of functionality, but there is still a need for LangChain to allow us to automate these processes. We’ll look at increased functionality and use cases in future posts, but for now, I wanted to share the code I used in the previous post.   First things first are installing the Python dependencies: pip install openai pip install langchain pip install chromadb pip install tiktoken I installed these successfully on both a Windows system and an M1 Mac OS system. On the Windows system, I needed to download some Microsoft C++ tools for Ch
Post a Comment
Read more

Expanding the Boundaries of ChatGPT with LangChain - Part One

Image
  You have likely noticed a massive influx of applications that claim to use artificial intelligence. Many of these applications are built using a framework called LangChain. In this post, we’ll provide a basic introduction to this technology and explain why it can be beneficial in your daily taskings. Let’s start off with “normal” ChatGPT usage. Most users go to the ChatGPT website, ask ChatGPT to do something, and read the response. The technology is both awe-inspiring and currently limited. It’s limited by not having internet access, access to recent information, or the ability to incorporate the user’s files or data into its workflow. It’s also limited by the size of how big prompts or answers can be. The “normal” usage of ChatGPT looks like this. You can do some amazing things with this basic model, but think of how many things aren’t incorporated here and the potential that they could unlock if they were. This is where LangChain comes in. LangChain is a framework that allows de
Post a Comment
Read more

Beyond the Tor Browser: Proxying Applications for Enhanced Privacy and Capabilities

Image
  Recently I had a former student reach out and ask me how they could utilize some of their favorite plugins from Chrome on the dark web. There are multiple ways to achieve this, but we’ll look at one method that is straightforward to implement and can be used with a variety of applications, just not Chrome. The Tor network is a free and open-source software project that enables anonymous communication across the internet. It routes your data through a series of volunteer-operated servers, known as nodes or relays, to obscure your location and browsing habits. This is also used to access the biggest and most widely used dark web. The most straightforward method to start using the dark web is downloading the Tor Browser, a modified version of Mozilla Firefox. This browser is designed to work seamlessly with the Tor network, ensuring that all your browsing activities are routed through the network without any additional configuration. Normal browsers like Chrome, Firefox, and Safar
Post a Comment
Read more

Lowering the Cost of Education with SANS: A Guide to Affordable Programs for Prospective Students

  Years ago, I wanted to learn digital forensics and started researching what trainings were available. The consensus seemed to be that SANS training courses were amazing, but not inexpensive. I was going to have to pay out of pocket so I also researched if SANS had any programs to help reduce the cost. Thankfully they did, and still do. Many people aren’t aware of what’s available so I wanted to write a post about some of the programs SANS offers.   SANS Work Study Program The first SANS program that I utilized was the SANS Work Study Program, also known as the SANS Facilitator Program. Work Study allows students to attend a SANS training event at a significantly reduced cost. In exchange for facilitating the event, students can save up to 70% on their course fees. Facilitators must be available for the entire duration of the training event and be able to handle various logistical tasks including showing up a day early to help set the conference up and help take it down when it’
Post a Comment
Read more

Cutting the Cord: Harnessing OpenAI's Whisper in an Offline Environment

Image
Recently I presented a webinar on using ChatGPT for OSINT, where I used the entire one-hour window presenting. I encouraged attendees to ask questions in chat and said I would answer them on my blog. One of the questions was regarding another of OpenAI’s offerings, Whisper. I recently blogged about Whisper, but the summary is that it’s an incredible audio-to-text transcription engine that can be installed on your local system and used 100% free.  The question was, does Whisper send the information to the cloud, or can it be done 100% offline? Offline would be fantastic from an OPSEC and privacy concerns point of view. I found one third-party blog post from when Whisper first launched, which mentioned that it could be used offline, but the official Whisper didn’t explicitly mention it.  In my reply, I said to expect to see a blog post on that soon, and this is that post. I started off by using pip to install Whisper on a small NUC device running Ubuntu 22.04 Once that was done, I inst
Post a Comment
Read more

How Does Google's Bard Do In The OSINT Tests We Gave ChatGPT?

Image
  Last night I received an email letting me know I had received access to Google’s answer to ChatGPT, Bard. I’ve heard mostly negative reviews about Bard so far, so I wanted to test it on a few OSINT tasks similar to tasks I asked ChatGPT to perform in my recent “ChatGPT for OSINT” webinar. The first thing I had it help with was profiles for a sock puppet account. I asked for a French woman in her 30s, the same example I used for ChatGPT. I guess it didn’t feel the name to change the last name much 😊 When I asked for a profile and bio, this is what I got: I asked it to rewrite the bio in first person and to make it more casual: One thing that’s important in OSINT is knowing what sites and apps are popular in the part of the world where your target is located. If someone asked me what apps were popular in the U.S., I could answer with confidence. If someone asked me about Bolivia, not so much. So, I asked Bard: The list LOOKS solid, but I would like some evidence and stats to back
Post a Comment
Read more

Q & A for 3/16/23 ChatGPT for OSINT Webinar

Image
 Earlier this week SANS hosted a one-hour Webinar "The New OSINT Cheat Code: ChatGPT". You can watch the webinar and view the slides here:  https://www.sans.org/webcasts/new-osint-cheat-code-chatgpt/ I used up the entire hour of the allotted time giving the presentation so I promised that we would gather the questions and I would answer them on my blog. I haven't edited these for grammar etc, just pasted in the questions and responded to them. Q: If people were proficient in "google dorks" - to uncover whatever they may find. How does the landscape shift if future   iterations of ChatGPT adapts to the majority of population's search as it comes to understand what people are seeking out. A: I can easily see “Google dorks” becoming less important in the future as the focus shifts towards writing quality prompts explaining EXACTLY what you’re looking for and letting that specificity improve your signal-to-noise ratio. I’m picturing an enhanced user exp
Post a Comment
Read more