AI and Social Exploitation -- RSA Conference 2023

Recently had the honor to present my research at one of the most prestigious cybersecurity conferences in the world -- the RSA Conference in San Francisco. The presentation focused on the emerging use of Artificial Intelligence within social engineering attacks. Talk Abstract Infestations of malicious bots on Internet platforms are nothing new, but the sophistication of these bots has transformed dramatically in recent years and is continuing to evolve. This presentation will explore how the use of advanced artificial intelligence is being incorporated into fraudulent scams and phishing attacks, and what this means for the threat landscape of the future. Top Rated Talk of 2023 A couple months later, I was informed that my presentation had earned me the ranks of a top-rated RSA speaker. It's an honor to be acknowledged by such a well-established institution of the cybersecurity industry in this way. And also truly exciting to see my research resonate with so many people. For anybody

ChatGPT and the Academic Dishonesty Problem

I've recently seen some complaints from students online (across Reddit, ChatGPT, and Blind) who were indicating that they had been falsely accused of using generative AI when writing essays at their schools and universities. After seeing several of these, I decided to look into ZeroGPT (the top tool being used right now by academic organizations to crack down on generative AI cheating), and what I found was more than a little concerning. Falsely Accused Imagine you are an undergrad student and business major, looking forward to finishing out your senior year and preparing to take your first steps into the real world. After turning in an essay on comparing and contrasting different software licensing models, you are informed that a new university tool has determined that your essay was AI generated. Because of this, you have been asked to stand in front of the University ethics committee and account for your misconduct. Only problem is — you didn’t use generative AI tools to create

ChatGPT Does Dad Jokes

So my new favorite hobby (at least for the next half hour or so) is feeding chatGPT (GPT-4 model) clever dad jokes and asking it to explain them. It's amusing to see the responses, but it's also fascinating. Have you ever told a clever joke, only for someone to not understand it and ask you to explain? Perhaps (at least momentarily), you were at a loss for words, or struggled to succinctly explain the joke. This is perfectly normal. Clever jokes often play on language and can even require you to make complex multi-level logical connections based on double-entendres and hidden meanings. Strangely enough, it's usually much easier to understand a joke than it is to have to explain the same joke. It can be exceptionally challenging to define what is funny, or even more so, to explain why something is (or ought to be) funny. It often amounts to a seemingly inexplicable logical incongruence, which can be challenging to define in words. Having chatGPT interpret dad jokes is an enter

Does AI know us better than we know ourselves???

Seriously guys, can we talk about the fact that ChatGPT wrote the headline for the #1 most up-voted post on Reddit's /r/chatGPT subreddit, when given the prompt to make a headline as "click-baity" as possible? Don't believe me? You can confirm this for yourself by opening the sub-reddit, then sorting by "Top" -> "All Time" (or just click HERE). As a geek who loves both social psychology and technology, this phenomenon was immediately fascinating to me. I think there are a few possible explanations: Occam's Razor - The most likely (though also the least interesting) explanation is that the posted content was sufficiently witty and meta enough to warrant it landing the top spot. I admittedly got a chuckle upon seeing it, and I'm sure others had a similar gut reaction. Unwitting Collusion - It is also possible that Redditors unwittingly colluded on upvoting this out of a shared sense of irony. This itself raises some fascinating questi

Talking chatGPT, AI, and our future robot overlords at RSAC 2023!!!

Just recently received the fantastic news that my presentation (on leveraging Large Language Models like chatGPT for social engineering) was accepted for RSAC 2023!!! I started my research into using AI systems for social engineering exploitation about a decade ago. And it has been crazy to see the evolution of this technology over the years, and how recent innovations in the last few years have completely changed everything. I've had the amazing opportunity to share this story with audiences at ToorCon, DEFCON (AI Village), HOU.SEC.CON, and Texas Cyber Summit. And now, will have the opportunity to share it at RSAC 2023! It's crazy how much this talk evolves just in the few months between presentations. But with chatGPT, Bing, Bard, and other emerging LLMs, things are changing SO FAST now! There is so much new and awesome stuff that will be added into the RSA presentation. Looking forward to seeing everyone in San Francisco.  What the talk is about? The talk has the same title

Talking OT Security at HouSecCon 2021

I will be delivering a talk at HouSecCon (on October 7, 2021), about security assessment methodologies for OT infrastructure. The talk is entitled -- "OT Security -- Assessment Methodologies for Securing the Things that do the Things" What's the talk about??? When Information Security professionals attempt to cross-apply their skills to OT (Operational Technology), they often find an environment that, compared to IT infrastructure, is considered beyond reproach. We are often told — “do not patch”, “do not scan”, “do not attempt to harden”, “do not even look at these systems or PEOPLE WILL DIE”. While these risks can be sensationalized, the mishandling of OT infrastructure can indeed result in operational downtime, safety issues, and the potential for loss of life. Drawing from years of OT security experience, the speaker will discuss risk-conscious, white-glove approaches that can be used to effectively assess and secure OT environments, without disrupting critical opera

Alexa Hacking at DEF CON 29

This year, I delivered a talk at DEF CON 29 IoT village on the social exploitation of victims proxied through Alexa voice assistant devices. Check out the Video here!!! The talk was live-streamed on Twitch on Friday, August 6th at 3:30pm PT on the IoT Village Twitch Channel. If you missed the live talk, check out the video on YouTube here: What's the talk about??? As voice assistant technologies (such as Amazon Alexa and Google Assistant) become increasingly sophisticated, we are beginning to see adoption of these technologies in the workplace. Whether supporting conference room communications, or even supporting interactions between an organization and its customers — these technologies are becoming increasingly integrated into the ways that we do business. While implementations of these solutions can streamline operations, they are not always without risk. During this talk, the speaker will discuss lessons learned during a recent penetration test of a large-scale “Alexa for