Show HN: Bloodhound – Grey-box attack-path discovery in Rust/Go/C++ binaries(www.bloodhoundsecurity.ca)
5 pointsby michaelafam15 days ago5 comments
  • notepad0x904 days ago
    That's an interestingly named product. Bloodhound is a well known/established security tool/platform. You're in for legal trouble I think. But legality and suits aside, you guys also use graph-db from the sound it, just like them. were you familiar with their product?

    How does it compare to codeql (github), whitesource/mend? I'm used to just looking at the reports and validating things, is your main sell here that you auto-generate exploits and validate the vulnerability? Will your VS/IDE extension integrate in-line with the code, highlighting findings and helping you trace the execution flow?

    • michaelafam12 days ago
      We don't auto generate issues exploits but rather find the already existing exploits and break them further to test the full depth of the vuln. We use some aspects of graph DB but its not quite the same thing. This differs from Mend and CodeQL because they focus on deep semantic analysis or SCA, We use parallel detection systems for hybrid, holistic analysis by combining advanced static testing, execution modeling, and ML on test data to improve bug breadth, path feasibility, and alert prioritization aka. prove deep rooted issues other tools are not trained to find.

      And yes it does integrate in line with the code and trace exec flow. Would you wanna try it out and see what it can help you find? It runs locally so nothing leaves your system

  • 1970-01-014 days ago
    Change the name. It's poor taste to name your tool after another other well known tool and could result in legal issues if you insist on naming this Bloodhound.
  • brihati4 days ago
    BloodHound team: blood is in your hands. You’ve taken the name of an established security tool and attached it to what, based on your description, looks like a lightly engineered LLM-driven wrapper
    • michaelafam12 days ago
      Lol ouch "lightly engineered LLM wrapper". We'll take that into account the next website overhaul. Thanks for the feedback
  • MadsRC4 days ago
    This looks cool, but I’m sad you’ve chosen a name that already associated with another security tool :(
    • michaelafam14 days ago
      Looking at a possible rebrand in the near future haha.
  • pshirshov4 days ago
    Oh, looks like a simple wrapper over an LLM, $2K per run! Nice!