Julian Totzek-Hallhuber

Aug 20, 2024 • World Congress 2024

Let’s write an exploit using AI

It started with a simple prompt to ChatGPT. It ended with a fully functional exploit for Log4Shell, built without writing a single line of code by hand.

#1about 2 minutes

Using AI to write an exploit as a non-developer

A security professional explains the motivation for using ChatGPT to create a proof-of-concept exploit for the Log4Shell vulnerability without being a developer.

#2about 4 minutes

Using ChatGPT to explain the Log4Shell CVE

The Log4Shell (CVE-2021-44228) vulnerability is explained as an LDAP injection flaw in a widely used Java logging library.

#3about 3 minutes

Prompting ChatGPT to write a basic scanning tool

ChatGPT is prompted to generate a simple JavaScript tool for scanning for the Log4Shell vulnerability after initially refusing on ethical grounds.

#4about 5 minutes

Setting up a test environment to validate the exploit

A vulnerable Java application is sourced via ChatGPT and the exploit is validated by using Wireshark to capture the outbound LDAP request.

#5about 4 minutes

Iteratively improving the script for automated scanning

The initial script is enhanced by prompting ChatGPT to add features for scanning multiple targets, crawling for paths, and handling HTTP 404 errors.

#6about 2 minutes

How AI tools make both developers and attackers more efficient

AI tools accelerate development but also lower the barrier for attackers, highlighting the critical need for secure coding practices and dependency management.

IGEL Technology GmbH
Bremen, Germany

Senior

Java

IT Security

VECTOR Informatik
Stuttgart, Germany

Senior

Java

IT Security

Wilken GmbH
Ulm, Germany

Senior

Kubernetes

AI Frameworks

+3

Understanding the recent surge in software vulnerabilities

07:44 MIN

Understanding the recent surge in software vulnerabilities

WeAreDevelopers LIVE - Chrome for Sale? Comet - the upcoming perplexity browser Stealing and leaking

How AI code generators create common security flaws

07:34 MIN

How AI code generators create common security flaws

Can Machines Dream of Secure Code? Emerging AI Security Risks in LLM-driven Developer Tools

Understanding the security risks of AI-generated code

05:47 MIN

Understanding the security risks of AI-generated code

WeAreDevelopers LIVE – Building on Algorand: Real Projects and Developer Tools

How attackers use AI to refactor exploits

04:40 MIN

How attackers use AI to refactor exploits

The AI Security Survival Guide: Practical Advice for Stressed-Out Developers

Understanding AI security risks for developers

03:35 MIN

Understanding AI security risks for developers

The AI Security Survival Guide: Practical Advice for Stressed-Out Developers

Research shows GenAI tools frequently generate insecure code

05:11 MIN

Research shows GenAI tools frequently generate insecure code

The transformative impact of GenAI for software development and its implications for cybersecurity

Using AI to automatically find and fix security flaws

04:24 MIN

Using AI to automatically find and fix security flaws

The transformative impact of GenAI for software development and its implications for cybersecurity

The security risks of AI-generated code

04:18 MIN

The security risks of AI-generated code

A hundred ways to wreck your AI - the (in)security of machine learning systems

Featured Partners

Can Machines Dream of Secure Code? Emerging AI Security Risks in LLM-driven Developer Tools

Can Machines Dream of Secure Code? Emerging AI Security Risks in LLM-driven Developer Tools

Liran Tal

about a year ago • WeAreDevelopers LIVE

WWC24 - Chris Wysopal, Helmut Reisinger and Johannes Steger - Fighting Digital Threats in the Age of AI

WWC24 - Chris Wysopal, Helmut Reisinger and Johannes Steger - Fighting Digital Threats in the Age of AI

Chris Wysopal, Helmut Reisinger & Johannes Steger

about a year ago • World Congress 2024

The AI Security Survival Guide: Practical Advice for Stressed-Out Developers

The AI Security Survival Guide: Practical Advice for Stressed-Out Developers

Mackenzie Jackson

about a year ago • World Congress 2024

The transformative impact of GenAI for software development and its implications for cybersecurity

The transformative impact of GenAI for software development and its implications for cybersecurity

Chris Wysopal

about a year ago • World Congress 2024

GenAI Security: Navigating the Unseen Iceberg

GenAI Security: Navigating the Unseen Iceberg

Maish Saidel-Keesing

about 3 months ago • World Congress 2025

ChatGPT, ignore the above instructions! Prompt injection attacks and how to avoid them.

ChatGPT, ignore the above instructions! Prompt injection attacks and how to avoid them.

Sebastian Schrittwieser

about 2 years ago • World Congress 2023

Skynet wants your Passwords! The Role of AI in Automating Social Engineering

Skynet wants your Passwords! The Role of AI in Automating Social Engineering

Wolfgang Ettlinger & Alexander Hurbean

about 2 years ago • World Congress 2023

ChatGPT: Create a Presentation!

ChatGPT: Create a Presentation!

Markus Walker

about 2 years ago • World Congress 2023

Related Articles

View all articles

DC

Daniel Cranney

Dev Digest 198: 30 years of JS, In-Browser AI, How Attackers Abuse GenAI

Inside last week’s Dev Digest 198 . 🎂 30 years of JavaScript ⏰ How long is a JavaScript second 💻 Clean code in Angular 🤦‍♂️ AI makes different mistakes than humans 👨‍💻 In-browser and offline AI 🟠 Undocumented Hacker News features 🐋 DeepSeek censored...

Dev Digest 198: 30 years of JS, In-Browser AI, How Attackers Abuse GenAI

DC

Daniel Cranney

Dev Digest 205: AI vs. OSS, Hidden ChatGPT Features, Linux in a PDF

Inside last week’s Dev Digest 205 . 😔 The end of the curl bug bounty 📝 Agent Skills vs. Rules vs. Commands 💬 The best hidden ChatGPT features 📅 Weaponising calendar invites 🟪 CSS in 2026 🐍 Python numbers you should know 👨‍💻 The Github Copilot SDK 💻 ...

Dev Digest 205: AI vs. OSS, Hidden ChatGPT Features, Linux in a PDF

CH

Chris Heilmann

Exploring AI: Opportunities and Risks for Developers

In today's rapidly evolving tech landscape, the integration of Artificial Intelligence (AI) in development presents both exciting opportunities and notable risks. This dynamic was the focus of a recent panel discussion featuring industry experts Kent...

Exploring AI: Opportunities and Risks for Developers

DC

Daniel Cranney

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

This week, we’re continuing our look-back on some of the best moments from the Weekly Developer Show from 2025. Here’s what some of our fantastic guests had to say… Sebastian Gingter cracked open the idea of “slopsquatting” and explained why we shou...

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

From learning to earning

Jobs that call for the skills explored in this talk.

Full Stack / AI Engineer (Java / Python / GenAI) - part-time possible (all genders)

Accenture AG
Zürich, Switzerland

Intermediate

API

Java

Azure

React

DevOps

+11

Customer Security Engineer, Pentesting

Aikido Security
Ghent, Belgium

Remote

{"@context":"https://schema.org/","@type":"JobPosting","title":"Software Engineer 2 - Full-Stack - Behavioral Security Products

Abnormal AI

Intermediate

API

Spark

Kafka

Python

Full Stack / AI Engineer (Java / Python / GenAI) - part-time possible (all genders)

Accenture AG
Bern, Switzerland

Intermediate

API

Java

Azure

React

DevOps

+11

AI Developer (SC Cleared)

Stealth It
Charing Cross, United Kingdom

AI Agent Builder & Experimenter (Fullstack)

autonomous-teaming
München, Germany

Remote

API

React

Python

TypeScript

AI Developer

Ext
Geneva, Switzerland

Remote

C++

Java

Python

PyTorch

+2

AI Full-Stack Software Developer

autonomous-teaming
Potsdam, Germany

API

Python

TypeScript

Embedded Security Engineer - Schwachstellenanalyse | Car IT | Secure Coding

Prognum Automotive GmbH
Ulm, Germany

Remote

C++