Mr-Robot-CTF-Automation-Scripts

No d...

Malicious code in ect-472839-ctf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a67248cb7373817da18e0edf4a019e2e6c9ded239e93a2e477ac168f7f45eeaa package.json declares a preinstall hook "preinstall": "node index.js" that auto-executes on npm install. index.js issues an HTTP GET to the hardcoded...

Kernel-Exploit-Dojo-499

Kernel-Exploit-Dojo-499 CTF kernel exploitation notes, PoCs,...

Kernel-Exploit-Dojo-283

Kernel-Exploit-Dojo-283 CTF kernel exploitation notes, PoCs,...

MAL-2026-5096 Malicious code in cscc-glass-house (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 20f53888d08d0aa70146b50e8dc761373490363f9081ea0adb9fb93cfd2b6240 Package implements exfiltrating credentials from cloud environments to a hardcoded location. Some code parts suggest it may be part of a CTF. --- Category:...

GodSearch

󰓾 GodSearch v20.0 — THE SOVEREIGN 💀 Universal Exploit Sear...

Metasploitable3-pentest-lab

🛡️ Metasploitable3 — Home Lab Penetration Test Report Aut...

Exploit for CVE-2026-42945

CVE-2026-42945 NGINX Rift - HTB-Ready Exploit Standalone ex...

wafuzz

wafuzz — Web Pentesting Orchestrator Interactive CLI web secu...

ctf-scripts

CTF Scripts Kumpulan script otomatisasi dan template eksploit...

web-vuln-scanner

🔍 WebVulnScanner v1.0 A production-grade, async Python web...

Do Agents Dream of Root Shells? Partial-Credit Evaluation of LLM Agents in Capture the Flag Challenges

Large Language Model LLM agents are increasingly proposed for autonomous cybersecurity tasks, but their capabilities in realistic offensive settings remain poorly understood. We present DeepRed, an open-source benchmark for evaluating LLM-based agents on realistic Capture The Flag CTF challenges ...

Wa3r-OffSec-Kit

🔐 Wa3r-OffSec-Kit - Practical Security Tools and Notes !Dow...

Environment-Grounded Multi-Agent Workflow for Autonomous Penetration Testing

The increasing complexity and interconnectivity of digital infrastructures make scalable and reliable security assessment methods essential. Robotic systems represent a particularly important class of operational technology, as modern robots are highly networked cyber-physical systems deployed in...

AI in Cybersecurity Education -- Scalable Agentic CTF Design Principles and Educational Outcomes

Large language models are rapidly changing how learners acquire and demonstrate cybersecurity skills. However, when human--AI collaboration is allowed, educators still lack validated competition designs and evaluation practices that remain fair and evidence-based. This paper presents a...

CTF As a Service: A Reproducible and Scalable Infrastructure for Cybersecurity Training

Capture The Flag CTF competitions have established themselves as a highly effective pedagogical tool in cybersecurity education, offering students hands-on experience in realistic attack and defense scenarios. However, organizing and hosting these events requires considerable infrastructure effor...

STRIATUM-CTF: A Protocol-Driven Agentic Framework for General-Purpose CTF Solving

Large Language Models LLMs have demonstrated potential in code generation, yet they struggle with the multi-step, stateful reasoning required for offensive cybersecurity operations. Existing research often relies on static benchmarks that fail to capture the dynamic nature of real-world...

Fullchain 访问控制错误漏洞

Fullchain is an open-source CTF competition platform developed by CTFer.io. Versions of Fullchain prior to 0.1.1 contained access control vulnerability issues. These vulnerabilities were caused by incorrect network policy configurations, and could lead to lateral movement attacks...

CTFd 安全漏洞

CTFd is an open-source Capture The Flag framework developed by CTFd. A security vulnerability exists in the version 3.8.1-18-gdb5a18c4 of CTFd. This vulnerability stems from a ZIP Slip issue in the administrator import function, which may allow attackers to write arbitrary files into directories...

PT-2026-26021

CVE-2026-30345 A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitrary files outside the intended directories via … https://t.co/FJ70VBbzI8...