BSides Leeds 2026

Sat 13th June 2026 – Cloth Hall Court Leeds

2026 Speaker – Dan Houghton

Malware Slop: Bypassing Skill Issues with Vibe Coded Trojans

Speaker card with photo of Dan Houghton and the text 'I'm speaking on track 1, Sat 13th June'

Track 1 – 1:45pm

Dan Houghton, Penetration Tester at Pen Test Partners

Bio

Dan (@NaClGoat) is a pentester that specialises in ‘so daft it might just work’ TTPs

Talk Abstract

Hey GPT. Generate a 0day exploit for me. Make no mistakes.'

AI has made coding more accessible to everyone.

Not only have LLMs turned your nan into the Rick Rubin of Rust, hackers can now use AI to write functional malware that sails past endpoint security like it didn’t take only 30 minutes to pull together.

We’re going to dissect a real scenario where AI was used to vibe code a viable command and control payload that evaded detection by multiple contemporary security controls (and didn’t decimate any token budgets).

Expect to see a small amount of slop, but this isn’t a code review. Instead, we’re going to be focusing on the processes, outcomes and implications of AI-augmented offensive operations.

Intended Audience

Generating malware slop is as easy as generating videos to convince your Nan cats can operate forklifts – what’s scary is how well they both work. If you’ve used ChatGPT, you can write functional malware (and maybe even get away with it!)

How NSFW is this talk?

(How spicy is your talk in chilli's?)

I do like a good swear but I’m not egregious with it.