Hacker News: tylerni7

New comment by tylerni7 in "Copy Fail"

tylerni7 — Wed, 29 Apr 2026 22:27:34 +0000

because we're a company and we want to make money to continue to fund cool research, and help our customers secure their software :)

New comment by tylerni7 in "Copy Fail"

tylerni7 — Wed, 29 Apr 2026 20:39:18 +0000

yeah... definitely a bit of a rush to get the landing page out after a long time in the disclosure process. The folks putting this all together have been working like mad (finding the bug, disclosing, working a lot on patching, writing up POCs and verifying exploitability in different scenarios) and stayed up really late to finish up the landing page, which led to a lot of minor issues.

But the bug is real and people should patch :)

For the size: sometimes people will shove in kilobytes of offset tables or something into an exploit, so it'll fingerprint and then look up details to work. This is much smaller because it doesn't need any of that, which is important for severity. (I agree the "golf" nature is a bit of an aside, kind of like pwn2own exploits taking "10 seconds")

New comment by tylerni7 in "Copy Fail"

tylerni7 — Wed, 29 Apr 2026 20:29:24 +0000

ugh sorry should be fixed. There was some scrambling to get more info together to explain the issue (and yes, obviously marketing), so there are some minor mistakes. Thanks for pointing it out!

Building LLM Agents for Hacking

tylerni7 — Mon, 25 Aug 2025 16:29:33 +0000

Article URL: https://theori.io/blog/building-effective-llm-agents-63446

Comments URL: https://news.ycombinator.com/item?id=45015631

Points: 1

# Comments: 0

The brain of a 0day finding hacking bot

tylerni7 — Wed, 13 Aug 2025 16:53:57 +0000

Article URL: https://theori.io/blog/exploring-traces-63950

Comments URL: https://news.ycombinator.com/item?id=44890865

Points: 3

# Comments: 0

What we learned building AI hacker agents

tylerni7 — Wed, 13 Aug 2025 15:32:08 +0000

Article URL: https://theori.io/blog/building-effective-llm-agents-63446

Comments URL: https://news.ycombinator.com/item?id=44889791

Points: 2

# Comments: 0

Lessons learned building an AI hacker

tylerni7 — Tue, 12 Aug 2025 16:28:24 +0000

Article URL: https://theori.io/blog/building-effective-llm-agents-63446

Comments URL: https://news.ycombinator.com/item?id=44878568

Points: 4

# Comments: 0

New comment by tylerni7 in "North Korean ICBM launch detected using GPS"

tylerni7 — Mon, 28 Nov 2022 02:24:46 +0000

The main protocol is called NTRIP. Lots of sources make it available (though it might be annoying to stream from ~250 simultaneously, not sure). There's a lot if you search that term though.

I think GEONET (the Japanese data source) might have some NTRIP casters. Also some in Korea and elsewhere. Sometimes you have to pay for access though, so I need to look more.

New comment by tylerni7 in "North Korean ICBM launch detected using GPS"

tylerni7 — Mon, 28 Nov 2022 00:23:27 +0000

Thanks! It's mostly just been for fun, lots of academic work has already shown the principles of it.

I'm glad folks are looking at it, and enjoying it! If you have questions or anything let me know! :)

New comment by tylerni7 in "North Korean ICBM launch detected using GPS"

tylerni7 — Mon, 28 Nov 2022 00:11:43 +0000

Oh hey I wrote this!

Yeah, we had a detector with some ML stuff, it worked okay, but the main issue is there isn't much training data.

Overall the false positives are quite low (visually, which is hand wavey, of course). I've not really seen a big event that was not real. I ran it for a while 24/7 and while there are "scintillations" there aren't any circular waves. False negatives are a much bigger issue. Something like an IRBM or SRBM doesn't really show up, and those are much more common.

Fwiw, this uses a bandpass filter to look for the ripples, which filters out a ton of noise. Looking at ionospheric depletion would be good and probably more sensitive, but it requires accurate models of what the ionosphere ought to do. I've tried a few things there with mixed results.

New comment by tylerni7 in "Rapid Fire security games"

tylerni7 — Thu, 26 May 2016 18:03:28 +0000

:) Thanks for posting! I made this (the blog post/narrated the videos).

Some folks asked, so I also uploaded the source for the challenges in the videos: https://github.com/ForAllSecure/c2c-rapidfire-challenges

New comment by tylerni7 in "Remote Timing Attacks Are Practical"

tylerni7 — Sun, 24 Jul 2011 19:15:07 +0000

Just so everyone knows, this specific attack is rather old. Modern versions of the RSA algorithm use blinding to specifically prevent this, which causes the RSA calculations to effectively be performed on random data.

There has also recently been a published timing attack regarding elliptic curve signatures, and there are some older papers about AES's vulnerability to timing attacks due to cache misses when using S-boxes. So while this paper specifically isn't a viable attack today, it is still relevant.