Julian Totzek-Hallhuber

Let’s write an exploit using AI

It started with a simple prompt to ChatGPT. It ended with a fully functional exploit for Log4Shell, built without writing a single line of code by hand.

Let’s write an exploit using AI
#1about 2 minutes

Using AI to write an exploit as a non-developer

A security professional explains the motivation for using ChatGPT to create a proof-of-concept exploit for the Log4Shell vulnerability without being a developer.

#2about 4 minutes

Using ChatGPT to explain the Log4Shell CVE

The Log4Shell (CVE-2021-44228) vulnerability is explained as an LDAP injection flaw in a widely used Java logging library.

#3about 3 minutes

Prompting ChatGPT to write a basic scanning tool

ChatGPT is prompted to generate a simple JavaScript tool for scanning for the Log4Shell vulnerability after initially refusing on ethical grounds.

#4about 5 minutes

Setting up a test environment to validate the exploit

A vulnerable Java application is sourced via ChatGPT and the exploit is validated by using Wireshark to capture the outbound LDAP request.

#5about 4 minutes

Iteratively improving the script for automated scanning

The initial script is enhanced by prompting ChatGPT to add features for scanning multiple targets, crawling for paths, and handling HTTP 404 errors.

#6about 2 minutes

How AI tools make both developers and attackers more efficient

AI tools accelerate development but also lower the barrier for attackers, highlighting the critical need for secure coding practices and dependency management.

Related jobs
Jobs that call for the skills explored in this talk.

Remote

Name of

Name of

Remote
Intermediate
PHP
Java
+1

Matching moments

Understanding the recent surge in software vulnerabilities
07:44 MIN

Understanding the recent surge in software vulnerabilities

WeAreDevelopers LIVE - Chrome for Sale? Comet - the upcoming perplexity browser Stealing and leaking

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
How attackers use AI to refactor exploits
04:40 MIN

How attackers use AI to refactor exploits

The AI Security Survival Guide: Practical Advice for Stressed-Out Developers

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
How AI code generators create common security flaws
07:34 MIN

How AI code generators create common security flaws

Can Machines Dream of Secure Code? Emerging AI Security Risks in LLM-driven Developer Tools

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
Research shows GenAI tools frequently generate insecure code
05:11 MIN

Research shows GenAI tools frequently generate insecure code

The transformative impact of GenAI for software development and its implications for cybersecurity

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
Using AI to automatically find and fix security flaws
04:24 MIN

Using AI to automatically find and fix security flaws

The transformative impact of GenAI for software development and its implications for cybersecurity

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
Understanding AI security risks for developers
03:35 MIN

Understanding AI security risks for developers

The AI Security Survival Guide: Practical Advice for Stressed-Out Developers

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
The security risks of AI-generated code
04:18 MIN

The security risks of AI-generated code

A hundred ways to wreck your AI - the (in)security of machine learning systems

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
Using AI to automatically fix security vulnerabilities
02:40 MIN

Using AI to automatically fix security vulnerabilities

How GitHub secures open source

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.

Featured Partners

Related Videos

See all videos
Can Machines Dream of Secure Code? Emerging AI Security Risks in LLM-driven Developer Tools35:37

Can Machines Dream of Secure Code? Emerging AI Security Risks in LLM-driven Developer Tools

Liran Tal

WWC24 - Chris Wysopal, Helmut Reisinger and Johannes Steger - Fighting Digital Threats in the Age of AI24:14

WWC24 - Chris Wysopal, Helmut Reisinger and Johannes Steger - Fighting Digital Threats in the Age of AI

Chris Wysopal, Helmut Reisinger & Johannes Steger

The AI Security Survival Guide: Practical Advice for Stressed-Out Developers30:36

The AI Security Survival Guide: Practical Advice for Stressed-Out Developers

Mackenzie Jackson

Livecoding with AI31:39

Livecoding with AI

Rainer Stropek

The transformative impact of GenAI for software development and its implications for cybersecurity25:19

The transformative impact of GenAI for software development and its implications for cybersecurity

Chris Wysopal

Skynet wants your Passwords! The Role of AI in Automating Social Engineering31:19

Skynet wants your Passwords! The Role of AI in Automating Social Engineering

Wolfgang Ettlinger & Alexander Hurbean

ChatGPT, ignore the above instructions! Prompt injection attacks and how to avoid them.27:32

ChatGPT, ignore the above instructions! Prompt injection attacks and how to avoid them.

Sebastian Schrittwieser

ChatGPT: Create a Presentation!30:24

ChatGPT: Create a Presentation!

Markus Walker

Related Articles

View all articles
CH
Chris Heilmann
Exploring AI: Opportunities and Risks for Developers
In today's rapidly evolving tech landscape, the integration of Artificial Intelligence (AI) in development presents both exciting opportunities and notable risks. This dynamic was the focus of a recent panel discussion featuring industry experts Kent...
Exploring AI: Opportunities and Risks for Developers
CH
Chris Heilmann
Dev Digest 138 - Are you secure about this?
Hello there! This is the 2nd "out of the can" edition of 3 as I am on vacation in Greece eating lovely things on the beach. So, fewer news, but lots of great resources. Many around the topic of security. Enjoy! News and ArticlesGoogle Pixel phones t...
Dev Digest 138 - Are you secure about this?
CH
Chris Heilmann
Dev Digest 116 - WWWAI?
This time, learn how to un-AI Google's search results, what's new on the web, avoid a new security hole and go back to BASICS with us. News and ArticlesWhat a week. Google, Microsoft, OpenAI and many others had their big flagship events announcing th...
Dev Digest 116 - WWWAI?
CH
Chris Heilmann
Dev Digest 112 - The True Crime of AI Development
In last Friday's Dev Digest, we had some great AI news, some worrying security threats and a swipe-aware game in CSS with explanations! News and ArticlesLet's kick off with some AI news. Netflix caused a stir with AI-generated images in a true crime ...
Dev Digest 112 - The True Crime of AI Development

From learning to earning

Jobs that call for the skills explored in this talk.

AI Prompt Engineer

AI Prompt Engineer

SonarSource

Remote
Data analysis
Machine Learning
Natural Language Processing