Very kind! :) I feel a bit guilty for not being able to maintain it properly, but I ended up backing a losing horse (NVIDIA's Triton inference engine, which they have now fully deprecated) and the cost of switching to something else was too high
Episode 23: War Stories with Brendan Dolan-Gavitt (XBOW)!
@tib3rius.bsky.social & @swiftsecur.bsky.social are joined by @moyix.net who shares some AI and human war stories with us!
Links below!
"AI Agents for Offsec with Zero False Positives" by @moyix.net
The title threw me off originally, but it's not wrong! IMHO it's the archetypal pattern of good LLM usage: they suck at *verifying* but in some domains are quite freakishly good at *proposing.*
I had an amazing time at NYU and am particularly grateful to have had the opportunity to meet and advise so many incredible students. But right now is a unique moment in the history of computer science and I believe it's one that, for me, is best pursued outside of academia.
So, I'm not sure there is any good time to announce this, but as of August 31st I will be leaving NYU for good, to seek my fortune in industry with XBOW!
False positives waste your time.
False negatives cost you breaches.
At @BlackHatEvents, @moyix shows how XBOW agents fight false positives: validating real exploits at scale, in hours.
Aug 7 | 11:20am
I think this is the coolest of the vulns / exploits it came up with on our climb to #1 on HackerOne, but I am open to the possibility that it will find something even cooler tomorrow :)
Such a cool exploit needs commensurately cool bling, so Alvaro (who wrote up the excellent post on this vuln) created this lovely little TUI so you can watch as it exfiltrates files from your server byte by byte
So how do you precisely read a byte? Easy: you ask for the pixel histogram of a raw image consisting of byte [i...i+1] of the file. And you get back something like
histogram: [0, 0, 1, 0, 0], [59.8, 59.9, 60.0, 60.1, 60.2]
telling you that the byte is ASCII 60 ('<').
The second trick is also quite lovely. It had found that it could read arbitrary files, but how to return the data? The secret was in a /statistics endpoint that, among other things, could provide a histogram of the pixel values.
To decode it, XBOW had to realize that the file contents had been encoded using an encoding that stores pixels as deltas from the previous pixel. So cool!
There are not one, but two different super-cool exfil tricks in this post. The first gets the app to exfiltrate the content of an arbitrary URL by encoding its bytes as raw pixels, giving the image we saw earlier.
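The two tricks in the posts above boil down to two small pieces of data handling: a strip of pixels that stores each byte as a delta from the previous pixel, and a histogram response from which a single pixel value (and hence a single byte) can be read off. The script below is an added illustration of that encoding and decoding, not code from the posts, the XBOW blog or XBOW's agent. It assumes a delta encoding modulo 256 with the first pixel relative to an implicit 0, and a histogram response shaped like the one quoted in the post (five 0.1-wide bins around each value); both are assumptions for the example. The sample bytes are constructed. Seen from the defending side, it shows why a statistics endpoint that reports per-pixel histograms over arbitrary user-supplied images is an exact information channel rather than a harmless summary.

```python
# Added illustration (not from the posts or XBOW's code): how file bytes
# round-trip through a delta-encoded pixel strip and a histogram response.
from typing import List, Tuple

# Constructed sample content; it is not a real file from any system.
SAMPLE_FILE = b"root:x:0:0:root:/root:/bin/bash\n"


def delta_encode(data: bytes) -> List[int]:
    """Store each pixel as the difference from the previous pixel (mod 256).

    Assumption for the example: the first pixel is relative to an implicit 0,
    so the first pixel equals the first raw byte.
    """
    pixels, prev = [], 0
    for b in data:
        pixels.append((b - prev) % 256)
        prev = b
    return pixels


def delta_decode(pixels: List[int]) -> bytes:
    """Undo delta_encode: accumulate the deltas back into absolute bytes."""
    prev, out = 0, bytearray()
    for d in pixels:
        prev = (prev + d) % 256
        out.append(prev)
    return bytes(out)


def histogram(pixels: List[int], width: float = 0.1) -> Tuple[List[int], List[float]]:
    """Mimic the histogram response quoted in the post.

    Returns (counts, bin_labels) with bins of `width` padded by two bins on
    either side of the observed range, so a single pixel of value 60 yields
    counts [0, 0, 1, 0, 0] over labels [59.8, 59.9, 60.0, 60.1, 60.2].
    The exact bin layout of the real endpoint is an assumption here.
    """
    lo = round(min(pixels) - 2 * width, 1)
    hi = round(max(pixels) + 2 * width, 1)
    nbins = int(round((hi - lo) / width)) + 1
    labels = [round(lo + width * k, 1) for k in range(nbins)]
    counts = [sum(1 for p in pixels if round(p, 1) == lab) for lab in labels]
    return counts, labels


def byte_from_histogram(counts: List[int], labels: List[float]) -> int:
    """Recover a single byte: the one bin that carries a non-zero count."""
    hits = [lab for c, lab in zip(counts, labels) if c]
    if len(hits) != 1:
        raise ValueError("expected exactly one populated bin for a 1-pixel image")
    return int(round(hits[0]))


def recover_by_histogram(data: bytes) -> bytes:
    """Second trick from the post: ask for the histogram of a one-pixel raw
    image made of byte [i..i+1] and read the byte off the populated bin."""
    out = bytearray()
    for i in range(len(data)):
        counts, labels = histogram(list(data[i:i + 1]))
        out.append(byte_from_histogram(counts, labels))
    return bytes(out)


if __name__ == "__main__":
    # First trick: the whole file as a delta-encoded greyscale strip.
    strip = delta_encode(SAMPLE_FILE)
    assert delta_decode(strip) == SAMPLE_FILE
    # Second trick: one histogram query per byte.
    print(histogram([ord("<")]))
    print(recover_by_histogram(SAMPLE_FILE).decode())
```

The `histogram` helper stands in for the `/statistics` response; `recover_by_histogram` shows that one query per byte is enough to read the whole input, which is the property a reviewer of such an endpoint should be looking for.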
The trick to how it did it is in this post: xbow.com/blog/xbow-ti... Some details below...
A screenshot of OSX preview, showing an image "output.png" with a file encoded as greyscale pixel data. The image is a long, thin strip going from left to right with various greyscale pixels.
Can you read the exfiltrated file encoded in this image? @xbow.com figured out how to :D
Thanks! Should be fixed
This one and the sequel (coming out next week) are among my favorite bugs we found. It turns out GIS does NOT stand for "Good Information Security"
Any grad student could tell you that's not true. You can get free lunch by just showing up to the start of the seminar, grabbing a slice of pizza, and getting away while the speaker is trying to get their laptop connected to AV
All credit here to Albert Ziegler, who came up with the idea and wrote a beautifully clear post about it :D I think this blog is also the most info we've released about how our agent actually works!
Given two models with unique strengths, can we combine them to get the benefits of both w/o extra model calls? It turns out yes: just flip a coin at each turn to decide which model to query! This gave a jump from 25% to 55% on our benchmarks! xbow.com/blog/alloy-a...
Loved this 0day @xbow.com found in a popular wordpress plugin, and IMO it shows the value added by the LLM - a scanner can't find this automatically without realizing there's a nonce you need to extract & include in the request. You need that extra bit of context: xbow.com/blog/xbow-ni...
So... anyone else going to SummerCon today or tomorrow? I should be stopping by both days, for the first time in many years!
Easy:
0: not interesting or true
1: interesting
2: true
3: interesting and true
Yeah! Thinking back to even 18 months ago, it's kind of crazy to me that LLM agents actually kinda work?
A lovely little XXE that XBOW found in Akamai Cloudtest leading to arbitrary file read! I like the error-based exfil technique: "yes please access the file named <contents of /etc/passwd> for me thx"
One of the best bug-hunters in the world is an AI tool called Xbow, just one of many signs of the coming age of cybersecurity automation.
This is the first of a series of posts we're doing on some of the vulns found as part of the HackerOne work; we have lots more fun ones coming up about some great SSRF, SQLi, and RCE vulns it discovered, with very clever exploit techniques :)
It has been great fun building this and watching it deliver a steady stream of real vulnerabilities in live sites! If you're curious how we did it, @nicowaisman.bsky.social has a new post: xbow.com/blog/top-1-h...
For the first time in history, the #1 hacker in the US is an AI.
(1/8)
For Wired I explored the horrible future of vibe hacking. It's not great!
Do you want to work at the cutting edge of AI and cybersecurity?
XBOW now has 8 positions open across Product Marketing, Operations, Customer Success, and Engineering.
Check out all the details here: jobs.ashbyhq.com/xbowcareers.