Hacker News: csnate

New comment by csnate in "Ask HN: What are you working on? (June 2026)"

csnate — Sun, 14 Jun 2026 17:24:25 +0000

I'm building a plugin for Ghidra called Specter that aims to bring semi-deterministic agent workflows to Ghidra. It adds a terminal like interface to Ghidra's code browser where you can chat or run DSL queries.

The project is currently 100% vibe coded with codex\gpt-5.5, but after running some experiments, I'm working on replacing some of the vibe coded SQL engine with Apache Calcite.

https://github.com/coldentry/Specter

Show HN: Multiturn GRPO on the DGX Spark

csnate — Fri, 06 Feb 2026 20:01:09 +0000

Article URL: https://github.com/nathanjackson/spark-grpo

Comments URL: https://news.ycombinator.com/item?id=46917426

Points: 2

# Comments: 0

New comment by csnate in "Ask HN: Seeeking help to reverse engineer a PCB"

csnate — Fri, 23 Jan 2026 23:44:55 +0000

Reverse engineering is my bread and butter. I’d be willing to look into this for you.

Feel free to reach out: uniform_solar.9i@icloud.com

New comment by csnate in "Ask HN: What Are You Working On? (June 2025)"

csnate — Mon, 30 Jun 2025 11:21:58 +0000

I continue to work on PwnScan, a tool that combines traditional static analysis and AI to find vulnerabilities in binaries. I recently added support for integer overflow bugs.

https://pwnscan.com/

New comment by csnate in "Ask HN: What are you working on? (May 2025)"

csnate — Mon, 26 May 2025 02:30:46 +0000

You’re the second person who has asked me this, I think I need to start a blog or something.

So I dont want to give too much away about how it works because I think I might try to offer a paid version where the results are private.

But at a high level it combines an LLM, program analysis, and heuristics.

New comment by csnate in "Ask HN: What are you working on? (May 2025)"

csnate — Sun, 25 May 2025 21:06:42 +0000

https://pwnscan.com

A binary static analysis tool that identifies vulnerabilities.

Right now, still just focused on buffer overflows. It can find some known CVEs and I’ve made several reliability improvements over the past month or so.

I think I’m going to expand to additional vulnerability types soon.

New comment by csnate in "Launch HN: Jazzberry (YC X25) – AI agent for finding bugs"

csnate — Thu, 15 May 2025 01:46:58 +0000

Solving the false positive problem is like solving the halting problem. I don’t think we get to a world where static analysis tools don’t have them, AI or otherwise.

That said, I have found LLMs can find bugs in binaries. It’s not all false positives, as far as I can tell. I have a side project I’ve been working on that does just this (shameless plug): PwnScan.com. It’s currently free and focused on binaries.

The bad news is that you quickly get into a situation where you have too many false positives where it’s sometimes not feasible to sort through them all.

New comment by csnate in "Ask HN: What are you working on? (April 2025)"

csnate — Mon, 28 Apr 2025 12:58:51 +0000

PwnScan - https://pwnscan.com/

My current side project is a vulnerability scanner for binaries. I do VR in my day job, so im trying to figure out how useful (or not) AI is for this domain.

Jury is still out. Getting false positives and negatives, but I can find some known CVEs!

Show HN: I Made an AI-Powered Static Analyzer for Binaries

csnate — Sun, 27 Apr 2025 00:44:43 +0000

For at least a few years (since before COVID), in my circle everbody wants an AI tool that finds vulnerabilities in binaries. I have my reservations about such a tool because of my perception that AI is overhyped, so I decided to build one myself to see how useful it could be (or not).

I was actually kinda surprised how well it worked for my collection of binaries with known CVEs. It definitely has false positives and negatives, as any static analysis tool would, but I think its actually somewhat usable. I dont think the results are super actionable, but interesting nonetheless. I still think the AI hype can be out there sometimes, but this project taught me a lot about the subject and forced me to think in ways that I wouldn't normally when doing RE/VR/program analysis.

Right now, this is just a side project. It only looks for buffer overflows for now (still a common bug, believe it or not). I dont know if I'll expand this to more vulnerability types, work on trying to reduce the false positives, or if I'll even keep this going long term. Hoping to get some opinions on where to go next and find the bugs.

Comments URL: https://news.ycombinator.com/item?id=43808497

Points: 2

# Comments: 0

New comment by csnate in "Hunger shifts attention towards less healthy food options, study finds"

csnate — Sun, 13 Apr 2025 04:35:47 +0000

This has been my experience when using Zepbound, one of the new-ish weight loss drugs. Since I am not hungry all the time or having strong cravings, I think much more carefully about what I eat and how much. “I can only eat this much, so I better eat something with protein/fiber.” Before I would not feel sated until I gave into a craving.

Downside though is that sometimes I end up “wanting to want.” Like, having a date night with the wife, social gatherings with food, or just the occasional indulgence.