162 matches found
Ransomware and Artificial Intelligence: A Comprehensive Systematic Review of Reviews
This study provides a comprehensive synthesis of Artificial Intelligence AI, especially Machine Learning ML and Deep Learning DL, in ransomware defense. Using a "review of reviews" methodology based on PRISMA, this paper gathers insights on how AI is transforming ransomware detection, prevention,...
APFuzz: Towards Automatic Greybox Protocol Fuzzing
Greybox protocol fuzzing is a random testing approach for stateful protocol implementations, where the input is protocol messages generated from mutations of seeds, and the search in the input space is driven by the feedback on coverage of both code and state. State model and message model are th...
Mopri - an Analysis Framework for Unveiling Privacy Violations in Mobile Apps
Everyday services of society increasingly rely on mobile applications, resulting in a conflicting situation between the possibility of participation on the one side and user privacy and digital freedom on the other. In order to protect users' rights to informational self-determination, regulatory...
Realworld-for-Application_FUGIO_FirstFrameworkFuzzingDetectPOI
FUGIO Production Guide Introduction FUGIO is the firs...
AI-Powered Algorithms for the Prevention and Detection of Computer Malware Infections
The rise in frequency and complexity of malware attacks are viewed as a major threat to modern digital infrastructure, which means that traditional signature-based detection methods are becoming less effective. As cyber threats continue to evolve, there is a growing need for intelligent systems t...
injection-research
injection-research A study comparing injection vulnerabilities...
Towards Classifying Benign and Malicious Packages Using Machine Learning
Recently, the number of malicious open-source packages in package repositories has been increasing dramatically. While major security scanners focus on identifying known Common Vulnerabilities and Exposures CVEs in open-source packages, there are very few studies on detecting malicious packages...
Pack-A-Mal: A Malware Analysis Framework for Open-Source Packages
The increasingly sophisticated environment in which attackers operate makes software security an even greater challenge in open-source projects, where malicious packages are prevalent. Static analysis tools, such as Malcontent, are highly useful but are often incapable of dealing with obfuscated...
Hybrid Fuzzing with LLM-Guided Input Mutation and Semantic Feedback
Software fuzzing has become a cornerstone in automated vulnerability discovery, yet existing mutation strategies often lack semantic awareness, leading to redundant test cases and slow exploration of deep program states. In this work, I present a hybrid fuzzing framework that integrates static an...
BlueCodeAgent: A Blue Teaming Agent Enabled by Automated Red Teaming for CodeGen AI
As large language models LLMs are increasingly used for code generation, concerns over the security risks have grown substantially. Early research has primarily focused on red teaming, which aims to uncover and evaluate vulnerabilities and risks of CodeGen models. However, progress on the blue...
Security Analysis of Ponzi Schemes in Ethereum Smart Contracts
The rapid advancement of blockchain technology has precipitated the widespread adoption of Ethereum and smart contracts across a variety of sectors. However, this has also given rise to numerous fraudulent activities, with many speculators embedding Ponzi schemes within smart contracts, resulting...
EUVD-2024-2491
Malicious code in bioql PyPI...
EUVD-2024-3432
Malicious code in bioql PyPI...
PinTools
This repository is an example and proof-of-concept PoC for dynamic binary analysis using the Pin tool. The code is designed to detect the classical use-after-free vulnerability. The Pin tool is a dynamic binary instrumentation framework that allows developers to analyze and modify the behavior of...
Feature-Centric Approaches to Android Malware Analysis: a Survey
Sophisticated malware families exploit the openness of the Android platform to infiltrate IoT networks, enabling large-scale disruption, data exfiltration, and denial-of-service attacks. This systematic literature review SLR examines cutting-edge approaches to Android malware analysis with direct...
Linux Distros Unpatched Vulnerability : CVE-2022-3767
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing validation in DAST analyzer affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless ...
Demystifying the Role of Rule-Based Detection in AI Systems for Windows Malware Detection
Malware detection increasingly relies on AI systems that integrate signature-based detection with machine learning. However, these components are typically developed and combined in isolation, missing opportunities to reduce data complexity and strengthen defenses against adversarial EXEmples,...
Exploit for CVE-2017-3143
Awesome Vulnerability Research ๐ฆ A curated list of the awesome resources about the Vulnerability Research First things first: There are no exploits in this project. Vulnerabilities != Exploits A Vulnerability resides in the software itself, doing nothing on its own. If you are really curious abou...
The vulnerability of the dynamic_analysis.html component in the Mobile Security Framework (MobSF), a security research framework for mobile applications, allows an attacker to execute cross-site scripting attacks.
The vulnerability of the dynamicanalysis.htm component in the Mobile Security Framework MobSF for mobile application security research is related to the lack of protective measures for the web page structure. Exploiting this vulnerability allows a remote attacker to execute cross-site scripting...
PoCGen: Generating Proof-Of-Concept Exploits for Vulnerabilities in Npm Packages
Security vulnerabilities in software packages are a significant concern for developers and users alike. Patching these vulnerabilities in a timely manner is crucial to restoring the integrity and security of software systems. However, previous work has shown that vulnerability reports often lack...