Rootconf 2025 Annual Conference CfP


Rahul Binjve

@i_c0dist

Adventures with GenAI in the Security Automation Land

Submitted Apr 19, 2025

Abstract

In the ever-evolving landscape of cybersecurity, automation has long been a cornerstone for scaling defenses and improving incident response. With the emergence of Generative AI (GenAI) and Large Language Models (LLMs), we are now witnessing a new era of possibilities—where intelligent systems can not only automate mundane tasks but also assist in building, extending, and reasoning about complex security tools. This talk explores the intersection of GenAI and security automation, showcasing practical use cases where LLMs have significantly reduced the time and effort required for tasks such as malware analysis, threat intelligence enrichment, report generation, and even code synthesis for custom security utilities.

Drawing from over a decade of engineering experience and recent hands-on experiments with tools like ChatGPT and other LLMs, I’ll share real-world insights on where GenAI truly shines—and where it falls short. From crafting Sigma and YARA rules, automating reconnaissance, generating Nmap NSE or Nuclei templates, to building entire PoCs with AI assistance, the talk will walk through the “automated adventures” that highlight the potential of AI as a copilot for security engineers. At the same time, we will explore the current limitations, hallucination risks, and considerations around trust, verification, and human oversight. This session will be a blend of technical deep dives, live demos, and cautionary tales—ideal for practitioners curious about leveraging AI in their security automation journey.

Takeaways

A few key takeaways for attendees:

  • How Generative AI can assist in automating everyday security tasks such as rule generation (YARA/Sigma), scanning template creation (Nmap/Nuclei), and even writing custom tools.
  • Understand the strengths and limits of GenAI.
  • Explore how to use LLMs effectively as an “engineering copilot” to speed up prototyping, documentation, and iterative development of security tools and playbooks.

Target Audience

The talk will have something for every attendee working in the cybersecurity domain. With the introduction of AI tools in everyday workflows, it is imperative for all practitioners to understand their strengths and limitations with regard to security automation.

About Author

Rahul Binjve (c0dist) currently leads the Cyber Threat Intelligence (CTI) Engineering team at Fortinet. With over a decade of experience in aggregating and contextualizing various threats, he’s a seasoned threat intelligence practitioner. Rahul has presented and conducted workshops at several international conferences, including Black Hat, Nullcon, PHDays, c0c0n, Seasides and BSides. He’s also contributed to multiple open-source security projects, such as the SHIVA spampot and Detux Linux sandbox. Rahul’s passions lie in information security, automation, human behavior, and—of course—breaking things.
