It started with a simple prompt to ChatGPT. It ended with a fully functional exploit for Log4Shell, built without writing a single line of code by hand.
#1 · about 2 minutes
Using AI to write an exploit as a non-developer
A security professional explains the motivation for using ChatGPT to create a proof-of-concept exploit for the Log4Shell vulnerability without being a developer.
#2 · about 4 minutes
Using ChatGPT to explain the Log4Shell CVE
The Log4Shell (CVE-2021-44228) vulnerability is explained as an LDAP injection flaw in a widely used Java logging library.
#3 · about 3 minutes
Prompting ChatGPT to write a basic scanning tool
ChatGPT is prompted to generate a simple JavaScript tool for scanning for the Log4Shell vulnerability after initially refusing on ethical grounds.
#4 · about 5 minutes
Setting up a test environment to validate the exploit
A vulnerable Java application is sourced via ChatGPT and the exploit is validated by using Wireshark to capture the outbound LDAP request.
#5 · about 4 minutes
Iteratively improving the script for automated scanning
The initial script is enhanced by prompting ChatGPT to add features for scanning multiple targets, crawling for paths, and handling HTTP 404 errors.
#6 · about 2 minutes
How AI tools make both developers and attackers more efficient
AI tools accelerate development but also lower the barrier for attackers, highlighting the critical need for secure coding practices and dependency management.