Julian Totzek-Hallhuber
Let’s write an exploit using AI
#1 (about 2 minutes)
Using AI to write an exploit as a non-developer
A security professional explains the motivation for using ChatGPT to create a proof-of-concept exploit for the Log4Shell vulnerability without being a developer.
#2 (about 4 minutes)
Using ChatGPT to explain the Log4Shell CVE
The Log4Shell (CVE-2021-44228) vulnerability is explained as an LDAP injection flaw in a widely used Java logging library.
#3 (about 3 minutes)
Prompting ChatGPT to write a basic scanning tool
ChatGPT is prompted to generate a simple JavaScript tool for scanning for the Log4Shell vulnerability after initially refusing on ethical grounds.
#4 (about 5 minutes)
Setting up a test environment to validate the exploit
A vulnerable Java application is sourced via ChatGPT and the exploit is validated by using Wireshark to capture the outbound LDAP request.
#5 (about 4 minutes)
Iteratively improving the script for automated scanning
The initial script is enhanced by prompting ChatGPT to add features for scanning multiple targets, crawling for paths, and handling HTTP 404 errors.
#6 (about 2 minutes)
How AI tools make both developers and attackers more efficient
AI tools accelerate development but also lower the barrier for attackers, highlighting the critical need for secure coding practices and dependency management.