Hacker News with Generative AI: Security Research

Using PDDL to find privilege escalation paths (usenix.org)
Current academic vulnerability research predominantly focuses on identifying individual bugs and exploits in programs and systems. However, this goes against the growing trend of modern, advanced attacks that rely on a sequence of steps (i.e., a chain of exploits) to achieve their goals, often incorporating individually benign actions.

Cybersecurity, Security Research, Privilege Escalation, AI, Programming Languages

7 points by peperunas 9 days ago | 0 comments

Threat posed by new VMware hyperjacking vulnerabilities is hard to overstate (arstechnica.com)
Three critical vulnerabilities in multiple virtual-machine products from VMware can give hackers unusually broad access to some of the most sensitive environments inside multiple customers’ networks, the company and outside researchers warned Tuesday.

Cybersecurity, VMware, Vulnerabilities, Security Research

7 points by jnord 52 days ago | 0 comments

Snyk Security Labs Testing Update: Cursor.com AI Code Editor (snyk.io)
Snyk’s Security Labs team aims to find and help mitigate vulnerabilities in software used by developers around the world, with an overarching goal to improve the state of software security.

Software Security, Code Editors, AI, Testing, Security Research

6 points by ksbrooksjr 102 days ago | 1 comments

Hardware Security Exploit Research – Xbox 360 (github.com/kooscode)
I'm fairly well versed with original XBOX and writing home-brew code for it 20 years ago, but I have since not spent much time on the XBOX 360 or XBOX One platforms beyond tons of gaming and I have always been interrested in how exactly the XBOX 360 security was defeated.

Hardware Security, Reverse Engineering, Xbox 360, Gaming Consoles, Security Research

216 points by nazgulsenpai 128 days ago | 98 comments

How to find exploits in video games (shalzuth.com)
In this guide, I'll walk you through how I create tools to find exploits in video games for bug bounty programs. Specifically, I'll focus on my research into the game Sword of Convallaria.

Video Games, Bug Bounties, Security Research

188 points by shalzuth 169 days ago | 32 comments

Thousands of Linux systems infected by stealthy malware since 2021 (arstechnica.com)
Thousands of machines running Linux have been infected by a malware strain that’s notable for its stealth, the number of misconfigurations it can exploit, and the breadth of malicious activities it can perform, researchers reported Thursday.

Cybersecurity, Linux, Malware, Security Research

34 points by lisper 204 days ago | 12 comments

Network Traffic Analysis of ICMP "Love" Noise Storms (darthnull.org)
Earlier this month, I attended BSidesNoVA in Arlington, where the keynote was Andrew Morris of GreyNoise. Using sensors distributed all over the world, GreyNoise collects…background noise…on the Internet. Basically, they watch and monitor activity that hits lots of hosts randomly – network mapping, port scanning, doorknob rattling. If you see someone trying to break into your SSH server, you can check GreyNoise to see if that person (well, their IP, anyway) has been seen doing such things in the past.

Network Security, Internet, Data Analysis, Security Research

9 points by a_morris 211 days ago | 2 comments

Notes on AWS Nitro Enclaves: Attack Surface (trailofbits.com)
In the race to secure cloud applications, AWS Nitro Enclaves have emerged as a powerful tool for isolating sensitive workloads. But with great power comes great responsibility—and potential security pitfalls. As pioneers in confidential computing security, we at Trail of Bits have scrutinized the attack surface of AWS Nitro Enclaves, uncovering potential bugs that could compromise even these hardened environments.

Cloud Security, AWS, Security Research, Confidential Computing

20 points by tatersolid 214 days ago | 1 comments

Notes and Receipts (PCAPs) for TCP and ICMP Noise Storms (github.com/GreyNoise-Intelligence)
Notes and receipts (PCAPs) for TCP and ICMP Noise Storms

Network Security, Security Research, TCP/IP, ICMP

16 points by jayhoon 218 days ago | 1 comments

0day Contest for End-of-Life Devices Announced (districtcon.org)
The Junkyard is a platform to showcase novel security research and support hobby and career development for security researchers.

Security Research, Cybersecurity, End-of-Life Devices, Competitions

261 points by winnona 220 days ago | 155 comments

Debunking fake stock Pixel OS vulnerability from an EDR company (grapheneos.org)

Cybersecurity, Android, Operating Systems, Security Research

35 points by kaspar030 253 days ago | 7 comments

Black Hat 2024: Secure Shells in Shambles [pdf] (blackhat.com)

Cybersecurity, Conferences, Security Research, Hacking

101 points by hdmoore 258 days ago | 30 comments

The Wild West of Proof of Concept Exploit Code (PoC) (santandersecurityresearch.github.io)

Cybersecurity, Security Research, Exploit Code

5 points by todsacerdoti 271 days ago | 0 comments

ArcaneDoor – New campaign found targeting network devices (talosintelligence.com)

Cybersecurity, Network Security, Malware, Campaigns, Security Research

72 points by voisin 364 days ago | 23 comments