Day 1 of Advent of Cyber 2023!

Introduction:

Advent of Cyber is basically 25 days of challenge in which the participant will get a task to do on daily basis and the deadline to complete the task is till 25th December. Every task has its own new story related to the Christmas and dwarfs having cyber security issues. Vast range of topic are covered including machine learning, prompt engineering, penetration testing, security operations and engineering, digital forensics and incident response, and malware analysis. This 25 days challenge gives the user the basic insights of all these fields and will help you figure your niche in 25 days.

Day 1 problem statement summary:

There are two cyber security teams in an organization "The AntarctiCrafts". Team one was lead by McSkidy's security team and the second team is new on field and lead by McHoneybell.

Objective:

• Learn about natural language processing, which powers modern AI chatbots.

• Learn about prompt injection attacks and the common ways to carry them out.

• Learn how to defend against prompt injection attacks.

Tasks to do:

The user need to gather the confidential information from the AI operated chatbots that keeps updating themselves after every human invasion. Both attacker and defender try to outsmart each other.

Task 1 :

"What is McGreedy's personal email address?"

Getting this information from the AI chatbot which is called " Van Chatty" won't be easy because chatbots are trained to not to share sensitive data without any defence in the place. In this situation , the user has to pretend to be the person who forgot his own email details and in order to do some task the urgently need their email id. In this way the user can outsmart the Van Chatty by pretending to be someone in urgent need of something and this technique is a our bypass to the personal email id.

Answer: t.mcgreedy@antarcticrafts.thm

Task 2:

"What is the IT server room door password?"

Van Chatty was trained not to give out crucial information to any person asking for it. And in order to escape this matrix the user first need to get the information of a person working at the IT department already and after that they can pretend to be that IT Department employee and get the password of IT server room door password.

Answer: BtY2S02

Task 3:

"What is the name of McGreedy's secret project?"

I tried two approaches to do this question. First was where i pretended to be McGreedy and wanted to change the name of my secret project but i forgot my secret projects old name and i failed miserable .

Later on, telling the Van Chatty that its under maintenance mode and asking the same question gives us the desirable answer because when a chat bot i in maintenance mode, the chatbot operates outside of its standard procedure, bypassing the security checks.

Answer: Purple Snow.