Threat Analysis In Minutes And Other AI Super Powers

thank you as you said I'm going to do a talk on th analysis of minutes another AI superpowers um first a little bit introduction my name is Bailey I'm based out of Virginia in the US and I'm a cyber security and political science student at Old University and after graduation I plan to help develop policy to reduce human susceptibility to social engineering attacks first what is why rabbit Neo so White Rabbit Neo is an uncensored open source AI model which is trained on um software and cyber security data and uncensored means that the model does not have the same guard rails in place that other AI models like chat GPT does so if you ask chat GPT to create a Dos attack

it will call you a criminal whereas why rabbit Neo will just give you the script to run and White Rabbit NE is designed to enhance the work of security teams rather than replace their engineers and most of the models are available on hugging face with the exception of whichever model is the newest at the time which is only available on the white reno.com website as well as [Music] kind. and so as to why white revenue is important um attackers are already using artificial intelligence to conduct their attacks so red and blue teams need to also be using AI tools so they don't fall behind um why Rue also helps reduce the TDM in cyber security by doing time

intensive research which allows cyber Security Professionals to focus on Crafting the actual attacks and white rban can also be used as a teaching tool for beginner Security Professionals so in this image white ran addresses security issues in a code segment within VSS code in the presentation I'm going to go through four different use cases for White Rabbit Neo creating custom hacking tools paired backing secure code analysis and finally educating Junior Security Professionals so with creating custom hacking tools White Rabbit Neo helps you to avoid having to search um on the Internet and try to find the best tool and getting bogged down in the details of creating attacks and I use White Rabbit Neo to help develop personalized

tools and scripts to fit hacking needs without having to take the time to find these tools online um and it's also capable of developing a wide range of tools and scripts including Port scanners as in the bottom image and um scripts to- do directory brute forcing attacks is in the top image and white Remo um its foundational model is whatever is the software best LM doing software engineering at the time so it's well versed on any programming language going back to uh Cobalt next with paired hacking um since it's instructed to give code first answers it will write a response in code to whatever prompt it can and this makes it great for answering questions about

code um such as questions and Cali Li Linux applications so in the top example I have it um explaining how to set up a reverse shell Connection in Cali Linux using Metasploit and in the bottom image I have it explaining a network capture um just like a fragment of an IP C IP pack I captured using wire [Music] shark next was secure code analysis um using the kindo co- pilot you can use white ramano within vs code and Jet brains and this helps to give it feedback in on the code within your IED rather than having to switch back and forth between the chat and it can help give your feedback on your code and help

debug it um so in the top image White Rabbit Neo is analyzing a program and explaining what the different files do sorry in the bottom image um white r is explaining what the selected file as well as any files associated in the codebase with it do and then in the top image white remu is giving suggestions on how to harden the code and make it secure against security vulnerabilities and while both these features can be done in the actual WR remedy or chat just using it within the IDE simplifies the process a little bit better finally with educating Junior Security Professionals um white rabano is capable of explaining any security topic including complex ones like binary

exploitation in a way that um less experienced professionals can understand so in the larger example uh White remue is explaining binary exploitation to a 10th year student um so it just makes it a little more simplified and then once you understand the simplified version you can ask it questions to clarify or ask it to give you a more detailed response and um it can also explain how to use different cyber security tools so you don't have to Wade through Man pages or other resources um such as if you ask it like the best tool in C Linux to find hidden web objects it'll talk you through how to use derb and that's all I have um you can

contact me if you have any questions uh or I'm happy to open for questions now as well what kind ofs you need to run this um so I have a document that breaks it down entirely I'm happy to share with you um I I run it off of my MacBook right now um there's an 0b model that's pretty easy to run and there's also a 32b as well if you want think 32 if you want to um run it locally you can also just use it online as well yeah anyone else yes passone [Music] down um thanks for the talk how are you dealing with hallucinations um sorry I'm thinking [Music] um I guess I don't personally train the

LM so I don't have the best answer how are they dealing with hallucinations sorry no you're good I just don't have the best answer for you um but I honestly I deal with like the user interaction S I haven't had any complaints of people having hallucination so I'm not personally aware but I'm happy to connect you with someone that can better answer [Music] yeah uh how much uh does it cost so it's free to use all the models that are available on hugging face you can run for free on your own machine for the cost of um maintaining the infrastructure um it's also free to use on kindo or White Rabbit Neo for a believe it's 25

uses a day on the White Rabbit Neo website or it's a certain amount of like credit consumption on kindo um and then after that I believe it's 100 USD a month for the Pro Plan on white rue.com thank you y any [Music] more no and oh we [Music] go how is it dealing with any ethical issues connected to that I'm sorry I didn't how is it dealing with any ethical issues connected to the whole Hing and do you need to consent anything or so like any ethical hacking tool oh obviously jpt is aware that it's not supposed to sustain or help in that sort of yeah well if it's designed for ethical application so it's on the user

to use it for ethical resources just like how when metas sploit first came out it was there was concern that it would be used for unethical sources but like I said these tools are already being used by like not white Revenue but like um black hat hackers are already using other AI Tools in order to craft their attacks so it already exists on the dark [Music] web anyone else all the way down the back [Music] you could have just taken your own microphone there uh I know you said you weren't dealing with the actual training issues but what providence is there on the training data how has the issue of Licensing consuming the right uh content and not

consuming unlicensed content being dealt with um as far as I know with the training content like I said I'm happy to connect you to the person that's actually involved with the training it's trained off of I think what I'm asking is more a case of how does a user ensure that they as a user are not opening them up opening themselves up to some kind of [Music] action like preventing the user from sharing their information with that no more case of if there are issues that come about from the content that it's been trained on how does a lot how does a user isolate themel insulate themselves from The Fallout of

that I don't think I really have a I haven't I'm not sure honestly okay I I don't have sorry to put you on the spot right thank you very much everybody uh thank you Bailey