Exploit-Notes

Exploit Notes Exploit Notes is sticky notes for pentesting...

H2O Flow Unauthenticated Access

H2O Flow is an open-source user interface for H2O, an open-source, distributed and scalable machine learning and predictive analytics platform. By default, H2O Flow does not require authentication to access the application. This allows an attacker to access sensitive data. This detection is...

ML-Logger 安全漏洞

ML-Logger is a logger, server and visualization dashboard for machine learning projects by Ge Yang Personal Developer. A security vulnerability exists in ML-Logger acf255bade5be6ad88d90735c8367b28cbe3a743 and prior versions, which stems from an incorrect manipulation of the parameter data of the...

ML-Logger 路径遍历漏洞

ML-Logger is a logger, server and visualization dashboard for machine learning projects by Ge Yang Personal Developer. A path traversal vulnerability exists in ML-Logger acf255bade5be6ad88d90735c8367b28cbe3a743 and prior versions, which stems from a misbehavior of the loghandler function in the...

Inference Attacks on Encrypted Online Voting Via Traffic Analysis

Online voting enables individuals to participate in elections remotely, offering greater efficiency and accessibility in both governmental and organizational settings. As this method gains popularity, ensuring the security of online voting systems becomes increasingly vital, as the systems...

Exploiting Timing Side-Channels in Quantum Circuits Simulation Via ML-Based Methods

As quantum computing advances, quantum circuit simulators serve as critical tools to bridge the current gap caused by limited quantum hardware availability. These simulators are typically deployed on cloud platforms, where users submit proprietary circuit designs for simulation. In this work, we...

Time-Constrained Intelligent Adversaries for Automation Vulnerability Testing: a Multi-Robot Patrol Case Study

Simulating hostile attacks of physical autonomous systems can be a useful tool to examine their robustness to attack and inform vulnerability-aware design. In this work, we examine this through the lens of multi-robot patrol, by presenting a machine learning-based adversary model that observes...

Cyber Threat Hunting: Non-Parametric Mining of Attack Patterns from Cyber Threat Intelligence for Precise Threats Attribution

With the ever-changing landscape of cyber threats, identifying their origin has become paramount, surpassing the simple task of attack classification. Cyber threat attribution gives security analysts the insights they need to device effective threat mitigation strategies. Such strategies empower...

A Framework for Detection and Classification of Attacks on Surveillance Cameras under IoT Networks

The increasing use of Internet of Things IoT devices has led to a rise in security related concerns regarding IoT Networks. The surveillance cameras in IoT networks are vulnerable to security threats such as brute force and zero-day attacks which can lead to unauthorized access by hackers and...

Quantum AI Algorithm Development for Enhanced Cybersecurity: a Hybrid Approach to Malware Detection

This study explores the application of quantum machine learning QML algorithms to enhance cybersecurity threat detection, particularly in the classification of malware and intrusion detection within high-dimensional datasets. Classical machine learning approaches encounter limitations when dealin...

E-PhishGen: Unlocking Novel Research in Phishing Email Detection

Every day, our inboxes are flooded with unsolicited emails, ranging between annoying spam to more subtle phishing scams. Unfortunately, despite abundant prior efforts proposing solutions achieving near-perfect accuracy, the reality is that countering malicious emails still remains an unsolved...

An Intrusion Detection System in Internet of Things Using Grasshopper Optimization Algorithm and Machine Learning Algorithms

The Internet of Things IoT has emerged as a foundational paradigm supporting a range of applications, including healthcare, education, agriculture, smart homes, and, more recently, enterprise systems. However, significant advancements in IoT networks have been impeded by security vulnerabilities...

Hybrid Cryptographic Monitoring System for Side-Channel Attack Detection on PYNQ SoCs

AES-128 encryption is theoretically secure but vulnerable in practical deployments due to timing and fault injection attacks on embedded systems. This work presents a lightweight dual-detection framework combining statistical thresholding and machine learning ML for real-time anomaly detection. B...

Picklescan is missing detection when calling built-in python cProfile.runctx

Summary Using cProfile.runctx function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to cProfile.runctx function in reduce method Then when the victim after...

Picklescan is missing detection when calling built-in python doctest.debug_script

Summary Using doctest.debugscript function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to doctest.debugscript function in reduce method Then when the victim...

GHSA-FQQ6-7VQF-W3FG Picklescan is missing detection when calling built-in python doctest.debug_script

Summary Using doctest.debugscript function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to doctest.debugscript function in reduce method Then when the victim...

Picklescan is missing detection when calling built-in python idlelib.pyshell.ModifiedInterpreter.runcode

Summary Using idlelib.pyshell.ModifiedInterpreter.runcode function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to idlelib.pyshell.ModifiedInterpreter.runcod...

Picklescan is missing detection when calling built-in python lib2to3.pgen2.pgen.ParserGenerator.make_label

Summary Using lib2to3.pgen2.pgen.ParserGenerator.makelabel function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...

Picklescan has a missing detection when calling built-in python library idlelib.calltip.get_entity

Summary Using idlelib.calltip.getentity function, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to idlelib.calltip.getentity function in reduce method Then whe...

GHSA-7CQ8-MJ8X-J263 Picklescan has a missing detection when calling built-in python idlelib.autocomplete.AutoComplete.fetch_completions

Summary Using idlelib.autocomplete.AutoComplete.fetchcompletions, which is a built-in python library function to execute remote pickle file. Details The attack payload executes in the following steps: First, the attacker craft the payload by calling to...