Background OpenAI chat has exploded in popularity over the last couple of weeks. People are using it to do all sorts of interesting things. If you are unfamiliar with OpenAI Chat and GPT-3, you can find a primer here. The gist is that it’s an artificial intelligence model that you can chat with as if it were a person. It can do all kinds of things like answer questions, write code, find bugs in code, and more.

Last week I was working on a social engineering engagement that included pretext phone calls, email phishing, and USB drops. I had to build payloads for the phishing email attachments and USB drops. This engagement was standalone, and therefore was not supporting other testing efforts like an internal pentest. Therefore, the payloads didn’t have to do anything fancy. I just needed proof that they were executed. Ideally, I wanted to collect the following information with each execution: