162 matches found
Dynamic Malware Classification of Windows PE Files Using CNNs and Greyscale Images Derived from Runtime API Call Argument Conversion
Malware detection and classification remains a topic of concern for cybersecurity, since it is becoming common for attackers to use advanced obfuscation on their malware to stay undetected. Conventional static analysis is not effective against polymorphic and metamorphic malware as these change...
QUT-DV25: a Dataset for Dynamic Analysis of Next-Gen Software Supply Chain Attacks
Securing software supply chains is a growing challenge due to the inadequacy of existing datasets in capturing the complexity of next-gen attacks, such as multiphase malware execution, remote access activation, and dynamic payload generation. Existing datasets, which rely on metadata inspection a...
Security-By-Design at the Telco Edge with OSS: Challenges and Lessons Learned
This paper presents our experience, in the context of an industrial R&D project, on securing GENIO, a platform for edge computing on Passive Optical Network PON infrastructures, and based on Open-Source Software OSS. We identify threats and related mitigations through hardening, vulnerability...
CVE-2025-31116
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in validhost uses socket.gethostbyname, which is vulnerable to SSRF abuse using DNS rebinding technique. This...
CVE-2025-31116 Mobile Security Framework (MobSF) has a SSRF Vulnerability fix bypass on assetlinks_check with DNS Rebinding
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in validhost uses socket.gethostbyname, which is vulnerable to SSRF abuse using DNS rebinding technique. This...
Stored Cross-site Scripting (XSS)
Mobile Security Framework MobSF is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of the bundle ID value in dynamicanalysis.html, which allows an attacker to inject special characters and break the HTML context, leading to Stored XSS...
Cross-site Scripting (XSS)
Overview mobsf is a Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Affected versions of this package are vulnerable to Cross-site...
MobSF Stored Cross-Site Scripting (XSS)
Product: MobSF Version: CFBundleIdentifier value. In the dynamicanalysis.html file you do not sanitize...
CVE-2025-24803
Mobile Security Framework MobSF is an automated, all-in-one mobile application Android/iOS/Windows pen-testing, malware analysis and security assessment framework. According to Apple's documentation for bundle ID's, it must contain only alphanumeric characters A–Z, a–z, and 0–9, hyphens -, and...
CVE-2024-54000
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get request in the checkurl method is specified as allowredirects=True, which allows a server-side reque...
Mobile Security Framework 安全漏洞
Mobile Security Framework MobSF is an automated all-in-one mobile application open-sourced by Mobile Security Framework. Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. A security vulnerability exists in Mobile...
CVE-2024-53999 Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to th...
5 Must-Have Tools for Effective Dynamic Malware Analysis
Dynamic malware analysis is a key part of any threat investigation. It involves executing a sample of a malicious program in the isolated environment of a malware sandbox to monitor its behavior and gather actionable indicators. Effective analysis must be fast, in-depth, and precise. These five...
CVE-2024-43399 Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Before 4.0.7, there is a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure...
Mobile Security Framework 安全漏洞
Mobile Security Framework MobSF is an automated all-in-one mobile application open-sourced by Mobile Security Framework. It is used for penetration testing, malware analysis, and security assessments, and is capable of performing both static and dynamic analysis. A security vulnerability exists i...
CVE-2024-29190 MobSF SSRF Vulnerability on assetlinks_check(act_name, well_knowns)
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in android:host, so requests can also ...
BestEdrOfTheMarket - Little AV/EDR Bypassing Lab For Training And Learning Purposes
Little AV/EDR Evasion Lab for training & learning purposes. ️ under construction.. | | | | | | \ / \ / | | | | | \ / / | | | | | | | | | | | | | | | | | | ' \ / \ | | | /\ \ | | || || | | || | | | | | | | | / |/||/| ||/|| \ /|| || || ||| | / | | | | | | |/| |/ | '| |/ / \ | | | | | | | |...
HCL Technologies AppScan Presence Elevation of Privilege Vulnerability
HCL Technologies AppScan Presence is a suite of dynamic analysis testing tools from HCL Technologies, USA, which is mainly used for Web security testing. An elevation of privilege vulnerability exists in HCL Technologies AppScan Presence, which stems from the presence of an un-referenced service...
Dynmx - Signature-based Detection Of Malware Features Based On Windows API Call Sequences
dynmx spoken dynamics is a signature-based detection approach for behavioural malware features based on Windows API call sequences. In a simplified way, you can think of dynmx as a sort of YARA for API call traces so called function logs originating from malware sandboxes. Hence, the data basis f...
Mobile Security Framework Security Vulnerability
Mobile Security Framework MobSF is Mobile Security Framework open source an automated all-in-one mobile application . Used for penetration testing, malware analysis and security assessments, it is capable of performing both static and dynamic analysis. A security vulnerability exists in Mobile...