HackerTrans
TopNewTrendsCommentsPastAskShowJobs

uhx

no profile record

comments

uhx
·há 3 meses·discuss
Thank you for clarification. It actually helped: at first I was overcomplicating it in my head.

After thinking about it for an hour I came up with this:

LLM claims that there is a bug. We dont know whether it really exist. We run a second LLM that is capable to write unit-tests/reproducer (dont have to be E2E, shorter data flow -> bigger success rate for LLM), compile program and run the test for ASAN assert. ASAN error means proven bug. No error, as you said, does not prove anything, because it may simply mean LLM failed to write a correct test.

Still don't know how much $ it would cost for LLM reasoning, but this technically should work much better than manually investigating everything.

Sorry for "have-you-ever" thing :)
uhx
·há 3 meses·discuss
> Checking if a real vulnerability can be triggered is a trivial task compared to finding one

Have you ever tried to write PoC for any CVE?

This statement is wrong. Sometimes bug may exist but be impossible to trigger/exploit. So it is not trivial at all.
uhx
·há 4 meses·discuss
Everything you described increases the cost of attack (creating a cheat), and as a result, not everyone can afford it, which means anti-cheats work. They don't have to be a panacea. Gameplay analysis will only help against blatant cheaters, but will miss players with simple ESP.

It's almost the same as saying "you don't need a password on your phone" or something like that.
uhx
·há 4 meses·discuss
you cant be serious

chroot is not a security tool and never has been
uhx
·há 4 meses·discuss
> - Path-sandboxed file ops. Keeps agents locked to a working directory

How is it supposed to work, if agent can simply run "cat" command instead of using skill for file read/write/etc?
uhx
·há 5 meses·discuss
Subscriptions are fine, companies are greedy
uhx
·há 5 meses·discuss
By analyzing payloads / C2 address, etc...
uhx
·há 10 meses·discuss
Same here. Couldn't find any source code