The Infinite Mutation Engine? Measuring Polymorphism in LLM-Generated Offensive Code

Malware authors have traditionally relied on polymorphic techniques to produce variants in the same malware family, complicating signature-based detection. Integrating generative AI into offensive toolchains enables attackers to synthesize structurally diverse payloads with identical behavior,...

Semantic Superiority Vs. Forensic Efficiency: A Comparative Analysis of Deep Learning and Psycholinguistics for Business Email Compromise Detection

Business Email Compromise BEC is a sophisticated social engineering threat that manipulates organizational hierarchies and exploits psychological vulnerabilities, leading to significant financial damage. According to the 2024 FBI Internet Crime Report, BEC accounts for over $2.9 billion in annual...

Quantum-Resistant Authentication Scheme for RFID Systems Using Lattice-Based Cryptography

We propose a novel quantum-resistant mutual authentication scheme for radio-frequency identification RFID systems. Our scheme uses lattice-based cryptography and, in particular, achieves quantum-resistance by leveraging the hardness of the inhomogeneous short integer solution ISIS problem. In...

AutoPentest: Enhancing Vulnerability Management with Autonomous LLM Agents

A recent area of increasing research is the use of Large Language Models LLMs in penetration testing, which promises to reduce costs and thus allow for higher frequency. We conduct a review of related work, identifying best practices and common evaluation issues. We then present AutoPentest, an...

Key Exchange Protocol Based on Circulant Matrix Action over Congruence-Simple Semiring

We present a new key exchange protocol based on circulant matrices acting on matrices over a congruence-simple semiring. We describe how to compute matrices with the necessary properties for the implementation of the protocol. Additionally, we provide an analysis of its computational cost and its...

Azure Bill Forecast High After Subscribing to Veeam Data Cloud

Challenge After subscribing to Veeam Data Cloud for Microsoft 365 via Microsoft Marketplace, the Cost Analysis chart within the Microsoft Azure portal displays a forecasted future cost much higher than expected. Cause The forecast chart in the Cost Analysis tile uses a simplified algorithm for...

Optimizing Data Lakes: Streamlining Storage with Effective Object Management

Data lakes are a popular solution for data storage, and for good reason. Data lakes are flexible and cost effective, as they allow multiple query engines and many object formats without the need to manage resources like disks, CPUs, and memory. In a data lake, data is simply stored in an object...

CrackQL - GraphQL Password Brute-Force And Fuzzing Utility

CrackQL is a GraphQL password brute-force and fuzzing utility. CrackQL is a versatile GraphQL penetration testing tool that exploits poor rate-limit and cost analysis controls to brute-force credentials and fuzz operations. How it works? CrackQL works by automatically batching a single GraphQL...

Graphql-Threat-Matrix - GraphQL Threat Framework Used By Security Professionals To Research Security Gaps In GraphQL Implementations

Why graphql-threat-matrix? graphql-threat-matrix was built for bug bounty hunters, security researchers and hackers to assist with uncovering vulnerabilities across multiple GraphQL implementations. The differences in how GraphQL implementations interpret and conform to the GraphQL specification...

VMware vRealize Business for Cloud Command Injection Vulnerability

Vmware vRealize Business for Cloud is a software application from Vmware, Inc. It provides an automated way to perform cloud cost analysis, consumption metrics, and cloud comparison and planning, as well as providing cost visibility and business insight so that cloud functions can be run more...

Zero Days Have Staying Power

It takes less than a month for most zero-day exploits to be developed, and about a quarter of those previously unknown and unpatched vulnerabilities will go undiscovered and undisclosed to the vendor for an average of 9.5 years. And the odds two hackers will find the same zero day are slim. RAND...