NHacker Next
  • new
  • past
  • show
  • ask
  • show
  • jobs
  • submit
We hid backdoors in ~40MB binaries and asked AI + Ghidra to find them (quesma.com)
17 points by jakozaur 36 minutes ago | 2 comments
Bender 16 minutes ago [-]
Along this line can AI's find backdoors spread across multiple pieces of code and/or services? i.e. by themselves they are not back-doors, advanced penetration testers would not suspect anything is afoot but when used together they provide access.

e.g. an intentional weakness in systemd + udev + binfmt magic when used together == authentication and mandatory access control bypass. Each weakness reviewed individually just looks like benign sub-optimal code.

jakozaur 30 minutes ago [-]
See direct benchmark link: https://quesma.com/benchmarks/binaryaudit/

Open-source GitHub: https://github.com/QuesmaOrg/BinaryAudit

shablulman 4 minutes ago [-]
[dead]
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact
Rendered at 15:26:20 GMT+0000 (Coordinated Universal Time) with Vercel.