Show HN: Bloodhound – Grey-box attack-path discovery in Rust/Go/C++ binaries (bloodhoundsecurity.ca)
4 points by michaelafam1 20 hours ago | hide | past | favorite | 6 comments
We originally set out to solve complex debugging headaches and useless alerts caused by traditional security scanners in our own projects. Static Analysis (SAST) flagged too much noise because it couldn't verify runtime context, while Dynamic Analysis (DAST) missed internal logic bugs because it treated the app like a black box.

We built a CLI tool to bridge this gap using grey box testing from a red team approach. We use internal knowledge of the codebase to guide parallel execution, allowing us to find complex or hidden logic errors and attack paths standard linters/scanners miss.

The Tech (Grey Box Graphing & Execution):

- Internal Graphing (The Map): It ingests the codebase to build a dependency graph of the internal logic.

- Parallel Execution (The Test): The code is then tested on parallel engines. We spin up copies of your local dev environment to exercise the codebase in thousands of ways. This is the validation that proves a bug is real.

- Logic Error Detection: Because it understands the intended architecture (the graph) and sees the actual behavior (execution), we can flag Logic Errors (e.g. race conditions, state inconsistencies, memory leaks, etc.).

- Tainted Flow Mapping: We map tainted control flow over the dependency graph. This highlights exactly how external input threads through your logic to trigger a vulnerability. It then spins up a local instance to replay this flow and confirm the exploit.

How it runs: It runs locally via CLI to maintain privacy with secure repos and ease. Generates remediation via MD reports pinpointing the line of the error and downstream effects.

The Trade-off: This approach trades power for speed and deep testing. This testing engine is recommended for more sophisticated systems.

Try it out: We are currently opening our beta VS extension for early users.

Optimized for (Rust, C++, Go, Java) and IaC (Terraform, Docker, K8s). Also supports Python, TS/JS, C#, PHP, and (20+ other languages).

P.S. We are happy to run this ourselves on repos. If you maintain a complex project and want to see if our engine can find logic or security holes, drop a link or reach out via the comments/site and we’ll do it and send the results.
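To make the "Tainted Flow Mapping" idea in the post concrete, here is an added example (not Bloodhound's code, and nothing from the project's site) of the static half of that step: walking a dependency graph from the points where untrusted input enters to the functions where it would be dangerous, and cutting any path that passes through a sanitizer. The call graph, the source/sanitizer/sink labels and the function names are all constructed for the illustration; a real tool would derive them from the parsed codebase and then hand the surviving paths to a replay/execution stage to confirm which are actually reachable.

```python
"""Toy taint-flow mapping over a function dependency graph.

Added illustration only: it models the idea of tracing external input
through internal logic to a sensitive operation. Everything below
(graph, labels, names) is constructed for the example.
"""
from typing import Dict, List, Set

# Constructed call graph: caller -> callees. An edge means data may flow
# from the caller into the callee (a real tool derives this from the code).
CALL_GRAPH: Dict[str, List[str]] = {
    "http_handler": ["parse_query", "log_request"],
    "parse_query":  ["validate_id", "build_filter"],
    "validate_id":  ["db_lookup"],
    "build_filter": ["db_query_raw"],
    "log_request":  ["write_log"],
    "db_lookup":    [],
    "db_query_raw": [],
    "write_log":    [],
}

SOURCES: Set[str] = {"http_handler"}                           # untrusted input enters here
SANITIZERS: Set[str] = {"validate_id"}                         # taint is neutralised here
SINKS: Set[str] = {"db_lookup", "db_query_raw", "write_log"}   # operations that must not see raw input


def tainted_paths(graph: Dict[str, List[str]], sources: Set[str],
                  sanitizers: Set[str], sinks: Set[str],
                  max_depth: int = 20) -> List[List[str]]:
    """Return every source->sink path that never passes through a sanitizer.

    Depth-first search over the call graph. A node already on the current
    path is skipped (recursion guard) and max_depth bounds pathological graphs.
    """
    results: List[List[str]] = []

    def dfs(node: str, path: List[str]) -> None:
        if node in sanitizers:
            return                      # taint cleared: this branch is safe
        if node in sinks:
            results.append(path)        # untrusted data reached a sink unsanitised
        if len(path) >= max_depth:
            return
        for callee in graph.get(node, []):
            if callee in path:
                continue                # do not loop forever on recursive calls
            dfs(callee, path + [callee])

    for src in sorted(sources):
        dfs(src, [src])
    return results


def format_report(paths: List[List[str]]) -> List[str]:
    """Render the findings as Markdown bullet lines, one per attack path."""
    lines = [f"- Untrusted input reaches `{p[-1]}` via: " + " -> ".join(p)
             for p in paths]
    return lines or ["- No unsanitised source->sink paths found."]


if __name__ == "__main__":
    found = tainted_paths(CALL_GRAPH, SOURCES, SANITIZERS, SINKS)
    print("\n".join(format_report(found)))
```

With the constructed graph, the `validate_id -> db_lookup` branch is dropped because it crosses a sanitizer, while the `build_filter -> db_query_raw` and `log_request -> write_log` branches are reported as candidate paths. A static pass like this is deliberately over-approximate (every edge is assumed to carry data), which is exactly why the post pairs it with an execution stage: the graph proposes paths, the replay decides which ones are real.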

That's an interestingly named product. Bloodhound is a well known/established security tool/platform. You're in for legal trouble I think. But legality and suits aside, you guys also use graph-db from the sound of it, just like them. Were you familiar with their product?

How does it compare to codeql (github), whitesource/mend? I'm used to just looking at the reports and validating things, is your main sell here that you auto-generate exploits and validate the vulnerability? Will your VS/IDE extension integrate in-line with the code, highlighting findings and helping you trace the execution flow?


Change the name. It's poor taste to name your tool after another well-known tool and could result in legal issues if you insist on naming this Bloodhound.

BloodHound team: blood is in your hands. You’ve taken the name of an established security tool and attached it to what, based on your description, looks like a lightly engineered LLM-driven wrapper.

This looks cool, but I’m sad you’ve chosen a name that's already associated with another security tool :(

Looking at a possible rebrand in the near future haha.

Oh, looks like a simple wrapper over an LLM, $2K per run! Nice!
