Julian Totzek-Hallhuber

Let’s write an exploit using AI

It started with a simple prompt to ChatGPT. It ended with a fully functional exploit for Log4Shell, built without writing a single line of code by hand.

Let’s write an exploit using AI
#1about 2 minutes

Using AI to write an exploit as a non-developer

A security professional explains the motivation for using ChatGPT to create a proof-of-concept exploit for the Log4Shell vulnerability without being a developer.

#2about 4 minutes

Using ChatGPT to explain the Log4Shell CVE

The Log4Shell (CVE-2021-44228) vulnerability is explained as an LDAP injection flaw in a widely used Java logging library.

#3about 3 minutes

Prompting ChatGPT to write a basic scanning tool

ChatGPT is prompted to generate a simple JavaScript tool for scanning for the Log4Shell vulnerability after initially refusing on ethical grounds.

#4about 5 minutes

Setting up a test environment to validate the exploit

A vulnerable Java application is sourced via ChatGPT and the exploit is validated by using Wireshark to capture the outbound LDAP request.

#5about 4 minutes

Iteratively improving the script for automated scanning

The initial script is enhanced by prompting ChatGPT to add features for scanning multiple targets, crawling for paths, and handling HTTP 404 errors.

#6about 2 minutes

How AI tools make both developers and attackers more efficient

AI tools accelerate development but also lower the barrier for attackers, highlighting the critical need for secure coding practices and dependency management.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

The security risks of AI-generated code and slopsquatting
05:55 MIN

The security risks of AI-generated code and slopsquatting

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

Preventing exposed API keys in AI-assisted development
03:45 MIN

Preventing exposed API keys in AI-assisted development

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

Exploring the role and ethics of AI in gaming
14:06 MIN

Exploring the role and ethics of AI in gaming

Devs vs. Marketers, COBOL and Copilot, Make Live Coding Easy and more - The Best of LIVE 2025 - Part 3

Increasing the value of talk recordings post-event
04:57 MIN

Increasing the value of talk recordings post-event

Cat Herding with Lions and Tigers - Christian Heilmann

The emerging market for fixing AI-generated code
04:09 MIN

The emerging market for fixing AI-generated code

Devs vs. Marketers, COBOL and Copilot, Make Live Coding Easy and more - The Best of LIVE 2025 - Part 3

The impact of AI on tech recruitment and resumes
08:18 MIN

The impact of AI on tech recruitment and resumes

Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2

Using Chrome's built-in AI for on-device features
06:44 MIN

Using Chrome's built-in AI for on-device features

Devs vs. Marketers, COBOL and Copilot, Make Live Coding Easy and more - The Best of LIVE 2025 - Part 3

Using AI prompts to rebuild a classic 8-bit game
05:26 MIN

Using AI prompts to rebuild a classic 8-bit game

WeAreDevelopers LIVE – Frontend Inspirations, Web Standards and more

Featured Partners

Related Videos

See all videos
The AI Security Survival Guide: Practical Advice for Stressed-Out Developers30:36

The AI Security Survival Guide: Practical Advice for Stressed-Out Developers

Mackenzie Jackson

Can Machines Dream of Secure Code? Emerging AI Security Risks in LLM-driven Developer Tools35:37

Can Machines Dream of Secure Code? Emerging AI Security Risks in LLM-driven Developer Tools

Liran Tal

The transformative impact of GenAI for software development and its implications for cybersecurity25:19

The transformative impact of GenAI for software development and its implications for cybersecurity

Chris Wysopal

Skynet wants your Passwords! The Role of AI in Automating Social Engineering31:19

Skynet wants your Passwords! The Role of AI in Automating Social Engineering

Wolfgang Ettlinger & Alexander Hurbean

ChatGPT, ignore the above instructions! Prompt injection attacks and how to avoid them.27:32

ChatGPT, ignore the above instructions! Prompt injection attacks and how to avoid them.

Sebastian Schrittwieser

ChatGPT: Create a Presentation!30:24

ChatGPT: Create a Presentation!

Markus Walker

A hundred ways to wreck your AI - the (in)security of machine learning systems24:23

A hundred ways to wreck your AI - the (in)security of machine learning systems

Balázs Kiss

Panel discussion: Developing in an AI world - are we all demoted to reviewers? WeAreDevelopers WebDev & AI Day March202547:35

Panel discussion: Developing in an AI world - are we all demoted to reviewers? WeAreDevelopers WebDev & AI Day March2025

Laurie Voss, Rey Bango, Hannah Foxwell, Rizel Scarlett & Thomas Steiner

Related Articles

View all articles
DC
Daniel Cranney
Dev Digest 198: 30 years of JS, In-Browser AI, How Attackers Abuse GenAI
Inside last week’s Dev Digest 198 . 🎂 30 years of JavaScript ⏰ How long is a JavaScript second 💻 Clean code in Angular 🤦‍♂️ AI makes different mistakes than humans 👨‍💻 In-browser and offline AI 🟠 Undocumented Hacker News features 🐋 DeepSeek censored...
Dev Digest 198: 30 years of JS, In-Browser AI, How Attackers Abuse GenAI
CH
Chris Heilmann
Exploring AI: Opportunities and Risks for Developers
In today's rapidly evolving tech landscape, the integration of Artificial Intelligence (AI) in development presents both exciting opportunities and notable risks. This dynamic was the focus of a recent panel discussion featuring industry experts Kent...
Exploring AI: Opportunities and Risks for Developers

From learning to earning

Jobs that call for the skills explored in this talk.