ChatGPT can truly do some amazing things. With its popularity and awareness increasing daily, I wanted to show two unique ways I have discovered to give a better picture of some avenues that it branch out to.
Over the years I became very experienced using many Endpoint Management Tools. I started with Altiris, moved to Symantec, migrated to SCCM/System Center, and finally landed at Intune. After having used so many different endpoint management products over the years I have become very aware of what works and what doesn’t and seen how some functions come and go.
For example, Altiris had a neat ability to show in the Console when a user logged in and out of a computer in realtime by triggering an update to the database for a specific field related to the logged on property. However, once Symantec acquired Altiris that function was removed and not implemented in the Notification Server. Another example is SCCM which has software metering capabilities. The way it works is that it would record the beginning of a process and the ending of a process and would write that to a file that could then be picked up by the database. However, with Microsoft’s move to Intune, that function was never added and as a result there is a gap.
Why is this important? Resource Efficiency. Specifically, money and using it more efficently by negotiating your software license contracts to only get what you need. I have seen software licenses cost nearly a million dollars so I can imagine how it would help many organizations to have a feature such as this. It also helps you to determine what your users are using. Want to see the benefit of that? Check out my article on Tracking Physical Assets and Improving Software Metering.
I have queried many vendors, but have yet to find a vendor that specifically does this. Some DNS and Webfilter companies may record the process and start time, but not the end time. Comparitively, some security vendors do indeed record process start and process end times. However, software metering is not a primary target for either market so knowing how the process works, I asked ChatGPT to write a program that would record the start and end times of a Windows process. Let’s see how it did.
Well, it wrote something. Let’s start up Visual Studio Code and see how it did.
We need to generate some data so fire up Notepad, Chrome, and Firefox and let’s see what happens.
Now, let’s just open up that log file and verify if running and closing the programs works.
Amazing. Sure enough, it recorded the start and end times of the processes. From here we can simply take the start and stop times and get the delta of time that a program was run. We can even compare overlapping times to determine concurrent usage. That’s really incredible and something so simple that ChatGPT was able to do it in 45 lines of code. We can even update the code to add additional features such as uploading the CSV to a database or adding the logged on user so that we can associate the software that was run to the user that ran it so that we can have a better conversation and provide better support.
For example, if we notice that we have various competing software programs out there and want to become more unified where do you start? Why run multiple competing mathematical programs such as Matlab and Mathematica? Or what about R and SPSS? Process monitoring can help you start the framework for those discussions by giving you a starting value of what percentage of people like this software over the other and how much does that cost the organization?
Regardless, why can’t Microsoft add that feature to Intune already? In theory, a log on event could trigger the kick off of the process monitor event and then record the processes that are requested from a catalog ala firefox.exe, chrome.exe, and notepad.exe.
Now let’s see how it does on penetration testing. One of the biggest ways to exploit a vulnerability and gain access to a system is having open ports that can be accessed. If the port is closed, then it makes it that much harder for the hacker to get inside.
Update: My original query is now lost in the Interwebs, but I asked it to craft a port scanner to check for open ports on a specific IP address. Here is the code it gave me.
I updated the code to modify the range function to specifically look at ports 1336 and 1337. Now we just need an IP address of a system we want to scan.
Alright, let’s run it on our private IP address to see what happens.
So the ports are closed. That makes sense since the Firewall is up. Let’s verify using netstat.
The IP address is sorted in ascending order based on the ports following the colon. Sure enough, ports 1336 and 1337 are not listed. That’s good news.
Okay, now let’s check the 127.0.0.1 address which is a loopback or localhost IP.
Now let’s verify using netstat again.
Sure enough, 127.0.0.1:1337 is listed so the localhost is listening on port 1337 afterall. That means our port scanner does indeed work. From here you can modify the code to check for specific ports such as SQL, FTP, etc so that remote attacks are harder to do.
That’s two for two ChatGPT. Well played.
Summary and Closing Thoughts
ChatGPT is evolving quickly and can do amazing things with proper understanding of what you want it to do for you. In this scenario, I was able to get it to build a program that will do process monitoring for better understanding of user behavior which can be used to be more budget concious with software licenses. I was also able to build a rudimentary port scanner to check for network vulnerabilities.
“Life moves pretty fast. If you don’t stop and look around once in a while, you could miss it.”Ferris Bueller