Speedrunners are vulnerability researchers, they just don't know it yet

The metaphor is a bit stretched for the purposes of content marketing a startup. The major difference between vulnerability researchers and the speedrunning community is that speedrunning is highly <i>collaborative and open</i>. There are massive speedrunning Discord communities for each game, and even before Discord existed, tricks and hacks were discovered iteratively just by many people watching other people do them often unintentionally and trying to figure out how they work (a common trend in every Summoning Salt video).<p>Nintendo doesn&#x27;t care if people find ACE in decade-old games (usually) and post decompiled versions of games on GitHub so people can find out how they tick, but vulnerability researchers can&#x27;t do that unless they want to risk causing a legal shitstorm.

I think if they&#x27;re active in the speedrunning community, then they&#x27;re already well aware of this! And for a fun additional example to add to this article, you can often find TAS&#x27;ers talking about arbitrary code execution. The legendary GDQ run of TASBot&#x27;s alternate ending to OoT[0] utiziling an ACE exploit they found in that game absolutely blew me away.<p>[0] <a href="https:&#x2F;&#x2F;youtu.be&#x2F;PNbkv_DJ0f0?t=3112" rel="nofollow">https:&#x2F;&#x2F;youtu.be&#x2F;PNbkv_DJ0f0?t=3112</a>

I&#x27;ve wondered myself why there&#x27;s so little overlap between these two closely related interests of mine. Some of it seems to be the &quot;But I don&#x27;t want to cure cancer. I want to turn people into dinosaurs.&quot; effect, where some of the people working on exploiting games ONLY care about what can be done in their one game of interest - it doesn&#x27;t always generalize to interest in using the same techniques against everything else.<p>Of course there&#x27;s also the fact that exploiting 20-30 year old games is just vastly easier than modern software, due to the total lack of mitigations in them. And that&#x27;s on top of the fact that with popular games, you&#x27;re building on decades of reverse engineering work rather than (potentially) starting from scratch. And the arguably superior toolset (savestates etc).<p>But I think a very big factor is the one this blogpost is trying to address - most people just don&#x27;t know anything at all about the vuln research industry, which is not exactly searching for attention in the ways that speedruns broadcast to hundreds of thousands of viewers for charity are.

This is absolutely and obviously true. Vulnerability researchers watch tool-assisted speedrun videos with jealousy. Side-note: when we did Microcorruption, game devs outperformed everybody but elite vuln researchers.

I watched the world record speedrun of Subnautica the other day and someone was kind enough to have posted a comment with a full list of all the bugs he exploited to beat the game in 28 minutes.<p>It was quite mind boggling. When I played the game I barely encountered a single bug or glitch - it seemed pretty polished! - but in actual fact there were 100’s of outstanding bugs, years after the game’s release and multiple updates.

The important distinction, and where the comparison might fall short as the job-advertisement purpose of this post, is motivation. Speedrunners enjoy games because games are fun. Speedrunners get to actually use these vulnerabilities in a way that is meaningful in their lives, whereas vulnerability researchers typically don&#x27;t.<p>This is an observation about cyber security in general, but in my experience, bug hunting and reverse engineering require a lot of tenacity at a level that writing software and other areas of IT do not. I think tenacity is a difficult thing to summon if your only tangible motivation is a salary, the target software is intrinsically boring, and you know that you&#x27;ll be rewarded whether or not you find the bugs.

Interesting article!<p>Though it&#x27;s too bad that cyber security is not as intrinsically fun and interesting to a lot of speed runners as video games. A large part of what allows speedrunners to spend hours searching for glitches and exploits in these games is that they&#x27;re having an absolute blast while doing it! Also exploiting glitches in decades old games is generally pretty accessible and doesn&#x27;t have a high barrier to entry like cyber security.

At its most extreme, this crossover gets you things like arbitrary code execution on Super Mario World.<p>EDIT: There was supposed to be a link here. <a href="https:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=jnZ2NNYySuE" rel="nofollow">https:&#x2F;&#x2F;www.youtube.com&#x2F;watch?v=jnZ2NNYySuE</a>

I&#x27;m a speedrunner, and I&#x27;m pretty sure this is well known -- and accepted as standard in some categories! It&#x27;s a pretty well accepted standard (to the point of the headline being almost a mild offense!).<p>In the gaming world, undefined software behavior is critical to this sort of thing, we see this especially in some games like the legendary exploits found in the Ocarina of Time speedruns for example.<p>I mean, in Super Mario World, SethBling did code injection to manually run a version of Flappy Bird (how ironic given the origin of the pipes!) in the game. By hand. No savestates. It took forever and the run through is really and truly fascinating: <a href="https:&#x2F;&#x2F;youtu.be&#x2F;hB6eY73sLV0?si=nIP07o_fa6O9rauW" rel="nofollow">https:&#x2F;&#x2F;youtu.be&#x2F;hB6eY73sLV0?si=nIP07o_fa6O9rauW</a><p>I speedrun things other than games as well -- and so the generalization is not just that we are security researchers, we are people who fundamentally learn the &quot;shape&quot; of a thing very, very well, and ways that this shape can be used to get from one state on that shape to another.<p>In conclusion -- yes, it can be something as simple as security research! But the joy and the beauty of speedrunning is something so much bigger and beautiful than that -- though it certainly is one outcome that can be had!

Opens with an AI-generated image, I&#x27;m gonna assume the text is from the same source and close the tab.

This is an interesting premise. I especially like framing speed runners as researchers

Antithesis is using this idea to improve its bug-finding product: <a href="https:&#x2F;&#x2F;antithesis.com&#x2F;blog&#x2F;zelda&#x2F;" rel="nofollow">https:&#x2F;&#x2F;antithesis.com&#x2F;blog&#x2F;zelda&#x2F;</a>

Many moons ago I used to speedrun Goldeneye and Perfect Dark on the n64. This was in the very early 2000s. I was pretty good but by no means the best.<p>It&#x27;s strange to see many of the people I used to hang out with on AIM and MSN messenger now have legendary speed runs and entire lore threads and wikipedia pages written about them.<p>I think the itch you scratch doing speedruns is a lot like the itch you scratch doing any kind of creative coding and&#x2F;or exploit research.

The only speedrun I can personally do is the Warios Stadium N64 Mario kart level where you can hop over the wall right at the start!<p>My favorite from Baldurs Gate 3 is where a speedrunner found that if you kill Shadowheart and stuff her in a box, you can quickly get through the story. Sucks for her!

I also think a lot of speedrunnimg tecniques demontrate the &quot;anything can happen&quot; nature of undefined behavior in an viscerally, not-purely-theoretical way. What happens when you don&#x27;t take undefined behavior seriously? Well, then Mario can backward longjump into a parallel universe and teleport enemies on a whim.

This blogspam is attributed to &quot;a Senior Cyber Engineer&quot;. Are they (a) ashamed of the nonsense advertisement they wrote, or (b) not actually an engineer, but rather a ChatGPT prompter?

And some vulnerability researchers are just prosecution speedrunners!

Speedrunners have an emotional attachment to video games from childhood. It’s why the most competitive categories are classic games like Mario. They take something you and I are familiar with and play it to such a degree it becomes a new experience.<p>You can’t look at the meta skills around speedrunning and expect them to transfer with a similar drive or interest.<p>What it probably indicates is that a large number of talented youth never had an outlet for their skills which rewarded them. So their most meaningful experiences became video games instead of say, electrical engineering or teaching math.

<i>some</i> speedrunners that compete in categories where glitches are <i>allowed</i> and who <i>find</i> the bugs themselves can be labeled <i>hackers</i>.

Also competitive gamers and pannenkoek, which I can&#x27;t fit into any category. But the man found all of the bugs in super mario 64 and then some.

I remember watching a video about this a while ago....it was a fresh perspective into a side of security research I didn&#x27;t consider.

For every fun thing there is a boring version someone will pay you for that has none of the real reasons or joy in it.

Worked with the folks at Zetier previously. They’re bright. Go work with them if you want to do some cool VR stuff.

including ai generated illustrations in your articles or presentations is very cringe

they pretty much know it. Also, many speedrunners just run, while research is done and &quot;published&quot; by people before, pretty much using all the hacking technics.

Maybe QA as well

They&#x27;re game testers.

I mean this is pretty obvious, they are both trying to glitch software to get a desired but unintended outcome.<p>I think if anything vulnerability &#x27;researchers&#x27; should study speedrunners more than the opposite. They are shockingly successful and they have shown again and again that there is almost no limit to how much you can glitch software.

what about the road runner?

LOL another business exec or MBA bro trying to flood the cybersecurity market, you guys are seriously reaching here.