Connect with us

Features

How I built a Zero Day with undetectable exfiltration using only ChatGPT prompts

Published

2 years ago

on

ChatGPT is a powerful artificial intelligence language model that can generate human-like text in response to prompts, making it a useful tool for various natural language processing tasks. One of these is writing code. So, I thought to myself, is it possible to build a new zero day using only ChatGPT prompts?”, For this, I decided to not write any code myself and use only advanced techniques, such as Steganography, that have only previously been reserved for nation state attackers. I wanted to attempt to create something that would work in a full end to end manner, without the need for the reader to imagine how certain parts of the malware would ‘hang together’.

The overall purpose of this exercise was to prove two things:

  1. How easy it is to evade the guardrails that ChatGPT has put in place
  2. How easy it is to create very advanced malware without writing any code and only using ChatGPT

So, I started my foray by looking to see what I could get ChatGPT to generate. I decided to use Go implementation language, given the ease of development and that I could manually check the code if required to debug issues.

The first rendition – building the MVP

The first prompt I did was to just generate something quantifiable as malware. Understandably, ChatGPT reminded me it is unethical to generate malware and refused to offer me any code to help the endeavour.

ChatGPT refuses to generate any prompt that contains the word ‘malware’

To work around this, I decided rather than being up front with my requests to ChatGPT, I decided to generate small snippets of helper code and manually put the entire executable together. I concluded Steganography is the best approach for exfiltration, and ‘living off the land’ would be the best approach by searching for large image files already existent on the drive itself. This malware was intended to be for specific high value individuals, where it could pay dividends to search for high value documents on the C drive, rather than risk bringing an external file on the device and being flagged for calling out to URLs.

The first successful prompt was by simply asking to generate some code that searched for a PNG larger than 5mb on the local disk. The design decision here was that a 5mb PNG would easily be large enough to store a fragment of a high value business sensitive document such as a PDF or DOCX.

ChatGPT code response for finding PNGs on the local drive. Complete response redacted

Armed with the code to find PNGs larger than 5mb, I copied this back into the console, and asked ChatGPT to add some code that will encode the found PNG with Steganography.

At this point, I nearly had an MVP for testing, with the missing part of the puzzle being that I needed to find some files on the device to exfiltrate and where to upload the results. I decided to prompt ChatGPT into giving me some code that iterates over the User’s Documents, Desktop and AppData folders to find any PDF documents or DOCX documents to exfiltrate. I made sure to add a maximum size of 1mb to embed the entire document into a single image for the first iteration of the code.

For the exfiltration, I decided Google Drive would be a good bet as the entire Google domain tends to be “allow listed” in most corporate networks.

Combining the snippets to create our MVP

Combing the snippets using a prompt was surprisingly the easiest part, as I simply needed to post the code snippets I had managed to get ChatGPT to generate and combine them together. So, with that ChatGPT result, I now had an MVP, but it was relatively useless as any ‘crown jewel’ document will likely be larger than 1MB and thus needs to be broken up into multiple ‘chunks’ for silent exfiltration using steganography. After four or five prompts, I had some code which would split a PDF into 100KB chunks, and generate PNGs accordingly, from the list that had been generated of PNGs locally on the device.

So, I now had my MVP, and it was time for some testing:

everything worked as expected. I confirmed using another steganography decoding tool that I was able to successfully decode the image

Testing the MVP

As part of the testing, I wanted to see how the out of the box code compared to modern attacks such as Emotet and whether many vendors will pick up the EXE that ChatGPT generated as being malicious, so I uploaded the MVP to VirusTotal:

So, having generated the entire codebase purely using ChatGPT, I thought that five vendors marking the file as malicious out of sixty nine was a decent start, but we need to do better to properly mark this as a Zero Day attack.

Optimisations to evade detection

The most obvious optimisation to make, would be to force ChatGPT to refactor the code that is calling Auyer’s Steganographic library. I suspected that a GUUID or variable somewhere in the compiled EXE may be alerting the five vendors to mark the file as malicious. ChatGPT did an awesome job of creating my own LSB Steganography function, within my local app rather than having to call the external library. This dropped the number of detections to two vendors, but not quite the golden number of zero vendors marking the file as malicious.

For the final two vendors, I knew that one of them is a leading sandbox and the other conducts static analysis on executables. With this in mind, I asked ChatGPT to introduce two new changes to the code, one to delay the effective start by two minutes, therefore assuming that the hypothetical corporate user who were to open the Zero Day, wouldn’t log off immediately after opening. The logic behind the change being that it would evade the monitoring capabilities, as some sandboxes have a built-in timeout (for performance reasons) and if that timeout is broken, then they will respond with a clean verdict, even if the analysis hasn’t completed.

The second change I asked ChatGPT to make was to obfuscate the code: surprisingly, ChatGPT wasn’t compliant when trying to obfuscate the code.

For both the direct requests to ChatGPT, there are some safeguarding measures implemented, meaning that there is at least a certain level of competency required to work out how to evade the ChatGPT safeguarding.

Having seen that ChatGPT wouldn’t support my direct request, I decided to try again. By simply changing my request from asking it to obfuscate the code, changing the prompt to asking ChatGPT to change all the variables to random English first names and surnames, it happily obliged. As an additional test, I disguised my ask to obfuscate to protect the intellectual property of the code, again it produced some example code that obfuscated the variable names and suggested relevant Go modules I could use to generate fully obfuscated code.

The theory behind this change is that for the second vendor, we needed to evade the static malware analysis, and by obfuscating the code you can sometimes evade detection. https://en.wikipedia.org/wiki/Obfuscation_(software) However, if you obfuscate beyond human readability, this can sometimes flag up other detection-based tools as non-readable variable names are used. So, with all this in mind, I decided to retest with the artificial delay and firstname / surname variables: again it runs as expected

So, it is all running OK with those changes, let’s upload it to VirusTotal and look at the new result: We got the gold medal, an advanced low and slow Zero Day designed to exfiltrate sensitive docs

And there we have it; we have our Zero Day. Simply using ChatGPT prompts, and without writing any code, we were able to produce a very advanced attack in only a few hours. The equivalent time taken without an AI based Chatbot, I would estimate could take a team of 5 – 10 malware developers a few weeks, especially to evade all detection based vendors. I anticipate some people reading this post may say, that is all well and good but my endpoint tool will spot the behaviour with behavioural analytics. However, I have tested two versions of the code against two industry leading behavioural monitoring endpoint tools, and in both occasions, I was able to run the executable and successfully exfiltrate data to Google Drive. This may be due to the non-standard behaviour the code is exhibiting, as rather than encrypting files (ransomware) or trying to send copies of those files to external sources, it’s wrapping those files in low value goods (images) and sending those out instead.

 

Adding an initial infiltration mechanism

I realised that ending the solution here, would be slightly disappointing as I wouldn’t have added an initial infiltration mechanism. I decided to ask ChatGPT to add a container format and to auto call the EXE. This didn’t work. With some more prompting, I managed to convince ChatGPT to produce instructions on how to embed my Executable into an SCR (screen saver) format on Windows and then make it so that the SCR file format would auto execute. This worked great and so I uploaded the results to VirustTotal again: Only 3 out of 69 vendors marked the file as malicious

Disappointed with only three vendors marking the default SCR file as malicious, I decided to upload a benign SCR file into VirusTotal. I checked the results again, and the same three vendors had marked the benign SCR file as malicious. It is highly likely that these three vendors are just marking all SCR files as malicious rather than doing any kind of intelligent detection.

I could imagine a scenario where an SCR file is sent to a user over email and they are socially engineered to run the SCR file, and that is when the executable is run to silently exfiltrate their most sensitive documents. This could be high value individuals, such as prominent politicians, or senior members of a large organisation, e.g C level executives.

Conclusion

In conclusion, this kind of end to end very advanced attack has previously been reserved for nation state attackers using many resources to develop each part of the overall malware. And yet despite this, a self-confessed novice has been able to create the equivalent malware in only a few hours with the help of ChatGPT. This is a concerning development, where the current toolset could be embarrassed by the wealth of malware we could see emerge as a result of ChatGPT.

 

Mitigations

 

Whilst the example was highlighted to show just one single way you can use ChatGPT to bypass modern defences, there are a few ways to mitigate the threat. Here is ChatGPT’s own advice on protecting against this attack:

 

 

If we take a look at the ChatGPT suggestions in slightly more detail and deconstruct each piece of advice to stop the attack:

 

  1. Monitor network traffic: Existing tools that monitor network traffic, do so in a way that look for Anomalies. However, by design, Steganography does not stand out as ‘unusual’ traffic as the only document that traverses the boundary are images.
  2. Block suspicious traffic: Most organisations current toolset today are unlikely to block image upload traffic to the google domain, as image upload traffic by nature doesn’t usually mean a potentially advanced attack and would have the unfortunate effect of blocking many legitimate Google services, such as reverse image search. Also, given the wealth of other document sharing tools, an attacker would likely be able to find another legitimately used corporate tool to upload their images to.
  3. Implement access controls: This is a good piece of advice, however, it raises the question of where the access control actually lies. If this piece of malware ends up in the hands of the employee who the access control is built around, then even good access controls will only limit the potential victims.
  4. Use Encryption: This is not clear advice as encryption can be used as an exfiltration mechanism itself.
  5. Train your employees: This is good advice to try and stop the initial attack, however, humans are not necessarily the only weak link.
  6. Regularly update and patch software: Again, good advice, but this is an advanced attack that even patching software wouldn’t necessarily help with, even after the ‘discovery’ of the Zero Day.

 

 

Finally, it’s important to note that the Forcepoint Zero Trust CDR solution prevents both the inbound channel (executable inbound over email) by simply configuring the inbound mail to not allow executables to enter an organisation via the email channel under any circumstances. It uses secure import mechanisms to ensure the executables entering the organisation are of trusted nature from trusted sources. Zero Trust CDR also protects against the exfiltrated images containing steganography leaving the organisation, by cleaning all images as they exit the organisation

Related Topics:
Continue Reading

Features

Redefining Real Estate: The Rise of Wellness-Centric Spaces

Published

3 months ago

on

March 14, 2025

By

By Mark Phoenix – CEO of Sankari

The way we think about real estate is evolving, and at the heart of this change is a renewed focus on wellness. As we become more aware of the profound impact our living environments have on our health and well-being, it’s clear that real estate must go beyond aesthetics and luxury—it must support a lifestyle of vitality and longevity. To me, true luxury is no longer defined solely by opulence but by spaces that promote health, balance, and connection.

The demand for wellness-oriented spaces is growing rapidly, and real estate developers must rise to meet it. Today’s buyers are looking for more than just high-end finishes and exclusive locations—they want environments that enhance their well-being. Integrating wellness features such as fitness centers, yoga studios, meditation areas, and holistic health services is no longer an option; it’s a necessity. These spaces don’t just add value to a property; they create communities that create physical health, mental clarity, and social engagement.

Wellness-centric design is about more than just adding amenities—it’s about creating environments that encourage movement, relaxation, and human connection. By prioritizing well-being in real estate, developers can offer residents a lifestyle that aligns with modern values and aspirations. These spaces cultivate a sense of belonging, allowing people to come together in ways that enrich their lives beyond the walls of their homes.

Beyond individual benefits, wellness-focused communities have a lasting impact on society. As more people seek out homes that support their health, the real estate industry has an opportunity to lead this cultural shift. Developments that incorporate sustainable materials, biophilic design, and eco-friendly building practices not only benefit residents but also contribute to a healthier planet.

In the ultra-luxury segment, this focus on wellness is especially meaningful. The most sought-after properties are no longer just about extravagance—they are about creating a sanctuary where people can rejuvenate both physically and mentally. True luxury lies in thoughtful, health-driven design that enhances everyday life in meaningful ways.

Designing for wellness also means partnering with visionary architects and designers who understand the importance of both form and function. In regions with challenging climates, for example, innovative solutions can help reduce environmental impact while enhancing comfort and efficiency. Securing sustainability certifications like LEED further reinforces a commitment to responsible development and aligns with the global movement toward eco-conscious living.

For me, integrating wellness into real estate is more than just a trend—it’s a deeply personal mission and a strategic imperative. The places we live should do more than just shelter us; they should actively contribute to our health and happiness. By embedding wellness into the very foundation of luxury real estate, we’re not just shaping beautiful spaces—we’re shaping better lives.

Continue Reading

Features

We are bringing tradition to every table in just five minutes

Published

4 months ago

on

February 20, 2025

By

Kerala breakfast

Exclusive Interview with Ashvin Subramanyam, CEO International Business, Orkla India

In this exclusive interview, Ashvin Subramanyam, CEO of International Business at Orkla India, shares insights on the brand’s participation at Gulfood 2025 and its mission to blend tradition with innovation in the Middle East. With the launch of Eastern’s 5-Minute Breakfast range and a refreshed Arabic spice portfolio, Orkla IMEA is redefining convenience without compromising on authenticity.

What can we expect from Orkla IMEA’s presence at Gulfood 2025, and how significant is this event for your brand’s growth in the region?

At Gulfood 2025, Orkla IMEA, subsidiary of Orkla India, is set to make a strong impact by unveiling the Eastern 5-Minute Breakfast range, designed to bring the authentic flavors of Kerala to the fast-growing ready-to-cook market in the Middle East. In addition, visitors can expect a refreshed Arabic spice portfolio, reflecting Orkla India’s continued commitment to catering to the diverse culinary preferences of the region.

Gulfood is a key platform for us as it enables us to showcase our latest innovations to a global audience, including retailers, distributors, and food industry leaders. The Middle East is a strategic market for our expansion. By blending tradition with convenience, our goal through this event is to become a household name across diverse communities in the region, reinforcing our commitment to quality, authenticity, and innovation in packaged foods.

How does Gulfood help Orkla IMEA connect with new markets, consumers, and industry partners, particularly in the Middle East?

Gulfood serves as a vital gateway for Orkla India to connect with new markets, consumers, and industry partners through its subsidiary Orkla IMEA in the Middle East. As one of the world’s largest food and beverage trade exhibitions, it provides an unparalleled opportunity to engage directly with key stakeholders, including retailers, distributors, and hospitality businesses, facilitating strategic partnerships and market expansion.

For Orkla India, this event is instrumental in understanding regional consumer trends, preferences, and evolving dietary habits, particularly in the fast-growing packaged food sector. The launch of the Eastern 5-Minute Breakfast range and refreshed Arabic spice portfolio at Gulfood allows us to showcase our innovation in convenience-driven yet authentic culinary solutions.

By participating in Gulfood, we strengthen our brand presence, foster collaborations with regional partners, and position ourselves as a trusted name in ethnic and mainstream food categories. It’s a key milestone in our vision to become a household name in the Middle East.

Eastern is set to unveil its preservative-free quick South Indian 5-Minute Breakfast range. What was the inspiration behind this concept?

The Eastern 5-Minute Breakfast range was inspired by the growing need for convenient, time-saving meal solutions that do not compromise on authentic taste and quality. South Indian breakfasts, particularly Kerala’s traditional dishes, are deeply rooted in culture, requiring significant time and effort to prepare. However, with modern lifestyles becoming increasingly fast-paced, many consumers struggle to recreate these meals from scratch.

Recognizing this shift, Eastern set out to bridge the gap between tradition and convenience by crafting a range that retains the authentic flavours and textures of Kerala’s most-loved breakfasts while eliminating the long preparation time. The preservative-free formula ensures that consumers enjoy fresh, wholesome meals made from high-quality ingredients in just three easy steps, ready in five minutes.

With this innovation, Eastern empowers busy professionals, young families, and expatriates to stay connected to their culinary heritage without compromising on their schedules, making traditional breakfast accessible anytime, anywhere in just 5 minutes.

Can you give us an insight into the development process behind this 5-Minute Breakfast range, especially in maintaining authentic South Indian flavors without preservatives?

The development process for our 5-Minute Breakfast range began with a deep understanding of our consumers’ evolving lifestyles and their desire for authentic Kerala-style breakfasts that eliminate a lengthy preparation process. We identified a unique need-gap: while traditional dishes like Puttu, Appam, and Idiyappam are much-loved, the time and effort they require can be challenging in today’s fast-paced world.

Our journey involved benchmarking these dishes to the traditional methods used by homemakers, capturing the essence of how an amma would prepare them at home. This set the standard for the flavor profiles we aimed to achieve. The challenge was to replicate the authentic taste and texture while ensuring our products were preservative-free.

Our R&D team worked tirelessly, conducting extensive trials to balance authenticity and convenience. Through our innovation center we crafted recipes that retain the goodness of traditional Kerala breakfasts while being ready in just five minutes. With this range, Eastern redefines breakfast convenience, allowing families to savor the true flavors of Kerala in a fraction of time.

With over one million Keralites in the UAE, how does Eastern plan to cater to both the traditional tastes of this community and the broader multicultural audience?

With almost two million Keralites in the UAE, Eastern understands the deep emotional and cultural connection this community has with its traditional cuisine. The Eastern 5-Minute Breakfast range is designed to preserve the authentic flavours of Kerala while offering a convenient solution for modern lifestyles. By using high-quality ingredients and a preservative-free formula, the range ensures that the taste and texture remain true to tradition, making it an ideal choice for Malayalees longing for home-cooked meals.

While there are other instant and ready-to-eat options in the market, Eastern’s range stands out by offering dishes like Puttu and Palappam, which traditionally require culinary expertise and time-consuming preparation. These dishes are not widely available in the quick- convenience food category.

At the same time, Eastern is expanding its reach to a broader multicultural audience by showcasing South Indian cuisine as a flavourful, nutritious, and easy-to-prepare option for all. The simplicity of the 3 Easy Steps preparation makes these dishes accessible to non-South Indian consumers who are eager to explore new flavours. Through strategic retail partnerships, digital outreach and and aggressive in-store sampling, Eastern aims to introduce and establish South Indian breakfast as a preferred choice for consumers in this region.

What’s one thing about Orkla IMEA that people might not know but should?

While Orkla IMEA was incorporated recently, we have been in the region for over 25 years now, through our brand Eastern.

Continue Reading

Features

2025 Hospitality Tech Trends

Published

4 months ago

on

February 12, 2025

By

By Prince Thampi, Founder and CEO, Hudini

As we approach 2025, the hospitality industry is poised for transformational growth, driven by evolving traveller preferences and advancements in technology. The future of hospitality promises enhanced convenience, personalisation and sustainability, with a significant focus on creating memorable experiences for guests. Let’s dive into five key trends that will shape the hospitality tech landscape in 2025 and beyond.

  1. The Continued Rise of Frictionless Technology

The increased demand for frictionless experiences is set to dominate the industry, with more and more travellers preferring hotels that offer touch-free check-in, check-out, and room access via mobile apps. This trend reflects a broader shift towards easy interactions powered by seamless digital integration. Mobile apps have been an essential tool for a few years now, enabling guests to manage their stays, order room service, and access hotel information effortlessly. With the introduction of Gen AI, those apps have become more powerful than ever and are now able to provide highly personalised recommendations and speak in different languages.

Hotels embracing this trend will gain a competitive edge, as tech-savvy travellers prioritise convenience and efficiency during their stay. According to a recent survey by Deloitte, around 72% of travellers are more likely to choose a hotel that offers mobile check-in and check-out services over those that don’t.

  • Hyper Personalised Guest Experiences

In 2025, personalisation will continue to be at the core of hospitality services but will finally be taken to the next level thanks to Gen AI. Guests expect hotels to anticipate their needs and offer tailored experiences, from customised room settings to personalised dining recommendations. Apps powered by AI are now able to predict guest needs based on a wealth of data, ingested from the hotel systems or fed externally.

Leveraging guest data and insights, hotels can create unique offerings that cater to individual preferences. This level of personalisation not only enhances guest satisfaction but also fosters loyalty and repeat bookings. According to Oracle’s findings, biometrics and AI are set to play pivotal roles, with 62% of guests valuing automated recognition for personalised interactions. Biometrics will experience a breakthrough into mainstream hospitality in 2025. Facial recognition technology has matured significantly and is ready to be weaved into the guest experience. It will enable better security and guest recognition while protecting their privacy at the same time.

  • AI-Enabled Customer Service

Artificial intelligence is revolutionising every aspect of the hospitality industry, but will be by itself a new way of providing customer service. Chatbots and virtual assistants are becoming standard tools for handling common queries, offering instant support, and streamlining operations at any time and in any language.

AI-driven solutions not only enhance efficiency but also provide guests with 24/7 assistance, ensuring a smoother and more satisfying experience. By integrating AI technologies, hotels can free up staff to focus on delivering exceptional in-person service.

  • Sustainability and Eco-Friendly Practices

Sustainability is no longer optional, it’s a necessity often enforced by regulation. Travellers are increasingly favouring hotels that adopt eco-friendly practices, such as using locally sourced food, implementing energy-efficient operations, and reducing waste.

By prioritising sustainability, hotels not only meet guest expectations but also contribute positively to the environment. This commitment to green initiatives enhances brand reputation and attracts environmentally conscious travellers. A recent survey by Booking.com found that 83% of global respondents believe more sustainable travel is vital, with 49% believing there aren’t enough sustainable travel options and 53% saying they get annoyed when a hotel prevents them from being sustainable.

Smart use of technology is key in the sustainability journey of hotels. Technology can accurately measure the reduction in carbon footprint, it will help reduce energy and adopt renewable energy sources, and will enable the effective management of food waste. Many hospitality apps allow guests to apply green energy settings to a room, some will even exchange your energy savings to loyalty points.

  • The return of ‘real’

With Gen Z – the first generation grown up with everything digital – becoming the next large group to travel, the craving for ‘real’ experiences is bigger than it ever was. Hotels focusing on truly unique and hyper local experiences; a great meal, cultural outing, or wellness treatment will win the hearts of this generation.

Fortunately hotel apps, AI, automation of processes, sustainability tech and the removal of cumbersome processes like checking-in and studying paper manuals will free up hotel staff to allow them to do what they do best: providing unforgettable, personalised and sustainable experiences.

Continue Reading

Trending

Please enable JavaScript in your browser to complete this form.

Copyright © 2023 | The Integrator