Readit News
csnate commented on Ask HN: What Are You Working On? (June 2025)    · Posted by u/david927
csnate · 6 months ago
I continue to work on PwnScan, a tool that combines traditional static analysis and AI to find vulnerabilities in binaries. I recently added support for integer overflow bugs.

https://pwnscan.com/

csnate commented on Ask HN: What are you working on? (May 2025)    · Posted by u/david927
lordofgibbons · 7 months ago
Very cool! Where can I read up on how something like this works?
csnate · 7 months ago
You’re the second person who has asked me this; I think I need to start a blog or something.

So I don’t want to give too much away about how it works because I think I might try to offer a paid version where the results are private.

But at a high level it combines an LLM, program analysis, and heuristics.

csnate commented on Ask HN: What are you working on? (May 2025)    · Posted by u/david927
csnate · 7 months ago
https://pwnscan.com

A binary static analysis tool that identifies vulnerabilities.

Right now, still just focused on buffer overflows. It can find some known CVEs and I’ve made several reliability improvements over the past month or so.

I think I’m going to expand to additional vulnerability types soon.

csnate commented on Launch HN: Jazzberry (YC X25) – AI agent for finding bugs    · Posted by u/MarcoDewey
jdefr89 · 7 months ago
Ton of work already being done on this. I am a Vulnerability Researcher @ MIT and I know of a few efforts, just at my lab alone, being worked on. So far nearly everything I have seen seems to do nothing but report false positives. They are missing bugs a fuzzer could have found in minutes. I will be impressed when it finds high severity/exploitable bugs. I think we are a bit too far from that if it’s achievable though. On the flip side LLMs have been very useful reverse engineering binaries. Binary Ninja w/ Sidekick (their LLM plugin) can recover and name data structures quite well. It saves a ton of time. Also does a decent job providing high level overviews of code...
csnate · 7 months ago
Solving the false positive problem is like solving the halting problem. I don’t think we get to a world where static analysis tools don’t have them, AI or otherwise.

That said, I have found LLMs can find bugs in binaries. It’s not all false positives, as far as I can tell. I have a side project I’ve been working on that does just this (shameless plug): PwnScan.com. It’s currently free and focused on binaries.

The bad news is that you quickly get into a situation where you have too many false positives where it’s sometimes not feasible to sort through them all.

csnate commented on Ask HN: What are you working on? (April 2025)    · Posted by u/david927
csnate · 8 months ago
PwnScan - https://pwnscan.com/

My current side project is a vulnerability scanner for binaries. I do VR in my day job, so I’m trying to figure out how useful (or not) AI is for this domain.

Jury is still out. Getting false positives and negatives, but I can find some known CVEs!

csnate commented on Hunger shifts attention towards less healthy food options, study finds   medicalxpress.com/news/20... · Posted by u/PaulHoule
_HMCB_ · 9 months ago
I don’t understand the possible solution this article describes. Educating people is trumped by the fact hunger exacerbates unhealthy eating. So not having people in a vulnerable, very hungry state is key to having them consider healthy options.
csnate · 9 months ago
This has been my experience when using Zepbound, one of the new-ish weight loss drugs. Since I am not hungry all the time or having strong cravings, I think much more carefully about what I eat and how much. “I can only eat this much, so I better eat something with protein/fiber.” Before I would not feel sated until I gave in to a craving.

Downside though is that sometimes I end up “wanting to want.” Like, having a date night with the wife, social gatherings with food, or just the occasional indulgence.

u/csnate

Karma: 4 · Cake day: May 12, 2024