MATRA: Modeling the Attack Surface of Agentic AI Systems -- OpenClaw Case Study

LLMs are increasingly deployed as autonomous agents with access to tools, databases, and external services, yet practitioners across different sectors lack systematic methods to assess how known threat classes translate into concrete risks within a specific agentic deployment. We present MATRA, a...

claude-code-pentest

claude-code-pentest 6 Claude Code skills that automate th...

A Unified Compositional View of Attack Tree Metrics

Attack trees ATs are popular graphical models for reasoning about the security of complex systems, allowing for the quantification of risk through so-called AT metrics. A large variety of different such AT metrics have been proposed, and despite their wide-spread practical use, no systematic...

STAF: Leveraging LLMs for Automated Attack Tree-Based Security Test Generation

In modern automotive development, security testing is critical for safeguarding systems against increasingly advanced threats. Attack trees are widely used to systematically represent potential attack vectors, but generating comprehensive test cases from these trees remains a labor-intensive,...

Bridging Threat Models and Detections: Formal Verification Via CADP

Threat detection systems rely on rule-based logic to identify adversarial behaviors, yet the conformance of these rules to high-level threat models is rarely verified formally. We present a formal verification framework that models both detection logic and attack trees as labeled transition syste...

WATCHDOG: an Ontology-AWare Risk AssessmenT ApproaCH Via Object-Oriented DisruptiOn Graphs

When considering risky events or actions, we must not downplay the role of involved objects: a charged battery in our phone averts the risk of being stranded in the desert after a flat tyre, and a functional firewall mitigates the risk of a hacker intruding the network. The Common Ontology of Val...

Modeling Interdependent Cybersecurity Threats Using Bayesian Networks: a Case Study on In-Vehicle Infotainment Systems

Cybersecurity threats are increasingly marked by interdependence, uncertainty, and evolving complexity challenges that traditional assessment methods such as CVSS, STRIDE, and attack trees fail to adequately capture. This paper reviews the application of Bayesian Networks BNs in cybersecurity ris...

PeTeReport Cross-Site Scripting Vulnerability

PeTeReport is an open source application vulnerability reporting tool. PeTeReport has a cross-site scripting vulnerability that stems from the software's lack of filtering and escaping of user data, which could be exploited by an attacker to inject persistent JavaScript code through an...

PeTeReport 跨站脚本漏洞

PeTeReport is an open source application vulnerability reporting tool. PeTeReport has a cross-site scripting vulnerability that stems from the software's lack of filtering and escaping of user data, which could be exploited by an attacker to inject persistent JavaScript code through an...

PeTeReport - An Open-Source Application Vulnerability Reporting Tool

PeTeReport Pe nTe st Report is an open-source application vulnerability reporting tool designed to assist pentesting/redteaming efforts, by simplifying the task of writting and generation of reports. Focused in product security, the tool help security researchers and pentesters to provide detaile...