
98 matches found

GithubExploit
added 2026/05/24 2:4 a.m. · 57 views

SWPT-Notes

SWPT-Notes Personal study notes compiled while working throug...

AI score: 5.9
Exploits: 0
Packet Storm News
added 2026/04/26 12:0 a.m. · 2 views

SMSI: System Model Security Inference: Automated Threat Modeling for Cyber-Physical Systems

Threat modeling for cyber-physical systems (CPS) remains a largely manual exercise. This project presents SMSI (System Model Security Inference), a hybrid neuro-symbolic pipeline that starts from a SysML architecture model and produces a prioritized list of NIST 800-53 security controls. The prototyp...

AI score: 5.3
Exploits: 0
Packet Storm News
added 2026/04/21 12:0 a.m. · 6 views

Cyber Defense Benchmark: Agentic Threat Hunting Evaluation for LLMs in SecOps

We introduce the Cyber Defense Benchmark, a benchmark for measuring how well large language model (LLM) agents perform the core SOC analyst task of threat hunting: given a database of raw Windows event logs with no guided questions or hints, identify the exact timestamps of malicious events. The...

AI score: 5.8
Exploits: 0
GithubExploit
added 2026/04/13 2:55 a.m. · 85 views

sigma-audit

Sigma Stack Audit Full-spectrum security audit combining five...

CVSS: 9.1 · AI score: 5.8 · EPSS: 0.92118
Exploits: 55
EUVD
added 2026/03/04 6:31 p.m. · 3 views

EUVD-2019-19731

Tradebox 5.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the symbol parameter. Attackers can send POST requests to the monthlydeposit endpoint with malicious symbol values using boolean-based blind,...

CVSS: 7.1 · AI score: 6.1 · EPSS: 0.00038
Exploits: 1 · References: 3
Packet Storm News
added 2026/03/04 12:0 a.m. · 2 views

CAM-LDS: Cyber Attack Manifestations for Automatic Interpretation of System Logs and Security Alerts

Log data are essential for intrusion detection and forensic investigations. However, manual log analysis is tedious due to high data volumes, heterogeneous event formats, and unstructured messages. Even though many automated methods for log analysis exist, they usually still rely on domain-specif...

AI score: 6
Exploits: 0
Positive Technologies
added 2026/01/13 12:0 a.m. · 3 views

PT-2026-2371

Name of the Vulnerable Software and Affected Versions Aero CMS version 0.0.1 Description Aero CMS version 0.0.1 has a SQL injection issue in the author parameter. This allows manipulation of database queries using boolean-based, error-based, time-based, and UNION query techniques. Successful...

CVSS: 9.8 · AI score: 7.2 · EPSS: 0.00066
Exploits: 1 · References: 8
Positive Technologies
added 2025/12/11 12:0 a.m. · 4 views

PT-2025-50744

Name of the Vulnerable Software and Affected Versions Xhibiter NFT Marketplace version 1.10.2 Description The Xhibiter NFT Marketplace software has a SQL injection issue in the collections endpoint. An attacker can manipulate database queries by using the id parameter. Boolean-based, time-based,...

CVSS: 9.3 · AI score: 7.5 · EPSS: 0.0001
Exploits: 2 · References: 8
Hive Pro Threat Advisories
added 2025/11/26 2:13 p.m. · 2 views

How BAS Helps Threat Exposure Management: A Complete Guide

Your vulnerability scanner just produced a report with hundreds of "critical" CVEs. Now what? For most security teams, this is where the guessing game begins. You know you can't fix everything at once, so you're forced to make tough calls based on CVSS scores and gut feelings, all while hoping yo...

AI score: 6.7
Exploits: 0
Packet Storm News
added 2025/11/21 12:0 a.m. · 2 views

StealthCup: Realistic, Multi-Stage, Evasion-Focused CTF for Benchmarking IDS

Intrusion Detection Systems (IDS) are critical to defending enterprise and industrial control environments, yet evaluating their effectiveness under realistic conditions remains an open challenge. Existing benchmarks rely on synthetic datasets e.g., NSL-KDD, CICIDS2017 or scripted replay frameworks...

AI score: 6.8
Exploits: 0
The Hacker News
added 2025/10/30 11:55 a.m. · 5 views

The Death of the Security Checkbox: BAS Is the Power Behind Real Defense

Security doesn't fail at the point of breach. It fails at the point of impact. That line set the tone for this year's Picus Breach and Simulation (BAS) Summit, where researchers, practitioners, and CISOs all echoed the same theme: cyber defense is no longer about prediction. It's about proof. When...

AI score: 6.6
Exploits: 0
Microsoft Secure
added 2025/10/07 5:0 p.m. · 8 views

Disrupting threats targeting Microsoft Teams

The extensive collaboration features and global adoption of Microsoft Teams make it a high-value target for both cybercriminals and state-sponsored actors. Threat actors abuse its core capabilities – messaging chat, calls and meetings, and video-based screen-sharing – at different points along th...

AI score: 7.4
Exploits: 0
Positive Technologies
added 2025/07/22 12:0 a.m. · 7 views

PT-2025-30603 · Undefined · Undefined

ParsedReport CompletenessLow 22-07-2025 CVE-202553770/TOOLSHELL: HUNTING DOWN THE ATTACKER TECHNIQUES &VICTIMS https://theravenfile.com/2025/07/22/cve-2025-53770-toolshell-hunting-down-the-attacker-techniques-victims/ Report completeness: Low Actors/Campaigns: Arcanedoor Threats: Toolshell vuln...

CVSS: 9.8 · AI score: 8.6 · EPSS: 0.88536
Exploits: 41 · References: 1
Packet Storm News
added 2025/06/07 12:0 a.m. · 3 views

From Threat to Tool: Leveraging Refusal-Aware Injection Attacks for Safety Alignment

Safely aligning large language models (LLMs) often demands extensive human-labeled preference data, a process that's both costly and time-consuming. While synthetic data offers a promising alternative, current methods frequently rely on complex iterative prompting or auxiliary models. To address...

AI score: 7.5
Exploits: 0
Packet Storm News
added 2025/06/01 12:0 a.m. · 2 views

A Large Language Model-Supported Threat Modeling Framework for Transportation Cyber-Physical Systems

Modern transportation systems rely on cyber-physical systems (CPS), where cyber systems interact seamlessly with physical systems like transportation-related sensors and actuators to enhance safety, mobility, and energy efficiency. However, growing automation and connectivity increase exposure to...

AI score: 7
Exploits: 0
Packet Storm News
added 2025/05/15 12:0 a.m. · 3 views

SecReEvalBench: a Multi-Turned Security Resilience Evaluation Benchmark for Large Language Models

The increasing deployment of large language models in security-sensitive domains necessitates rigorous evaluation of their resilience against adversarial prompt-based attacks. While previous benchmarks have focused on security evaluations with limited and predefined attack domains, such as...

AI score: 7
Exploits: 0
Packet Storm News
added 2025/05/05 12:0 a.m. · 2 views

Towards Effective Identification of Attack Techniques in Cyber Threat Intelligence Reports Using Large Language Models

This work evaluates the performance of Cyber Threat Intelligence (CTI) extraction methods in identifying attack techniques from threat reports available on the web using the MITRE ATT&CK framework. We analyse four configurations utilising state-of-the-art tools, including the Threat Report ATT&CK...

AI score: 7.2
Exploits: 0
Talos Blog
added 2025/04/22 10:3 a.m. · 10 views

Year in Review: Attacks on identity and MFA

For our third focussed topic for Talos' 2024 Year in Review, we tell the story of how identity has become the pivot point for adversarial campaigns. The main themes of this story are credential abuse, Active Directory attacks, and MFA workarounds. Valid account usage was the 1 way attackers got i...

AI score: 7.3
Exploits: 0
NVD
added 2025/01/04 2:15 a.m. · 13 views

CVE-2025-22390

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate...

CVSS: 7.5 · EPSS: 0.00327
Exploits: 0 · References: 1
The Hacker News
added 2024/11/25 11:24 a.m. · 5 views

Cybersecurity Blind Spots in IaC and PaC Tools Expose Cloud Platforms to New Attacks

Cybersecurity researchers have disclosed two new attack techniques against infrastructure-as-code (IaC) and policy-as-code (PaC) tools like HashiCorp's Terraform and Styra's Open Policy Agent (OPA) that leverage dedicated, domain-specific languages (DSLs) to breach cloud platforms and exfiltrate data...

AI score: 7.5
Exploits: 0