Improving LLM Agents with Reinforcement Learning on Cryptographic CTF Challenges

Large Language Models LLMs still struggle with the structured reasoning and tool-assisted computation needed for problem solving in cybersecurity applications. In this work, we introduce "random-crypto", a cryptographic Capture-the-Flag CTF challenge generator framework that we use to fine-tune a...

Resurrection of the Evil Miner

At FireEye Labs, we recently detected the resurgence of a coin mining campaign with a novel and unconventional infection vector in the form of an iFRAME inline frame – an HTML document embedded inside another HTML document on a web page that allows users to get content from another separate sourc...

Hidden message in Verizon breach report

Last week, after I dropped clues that the cover of this year’s Verizon Data Breach Investigations Report contained a cryptographic challenge, several readers immediately jumped on the challenge. In this blog post, Veracode’s Chris Eng provides a fun walk-through of how he decoded the pattern of 1...

Important: Red Hat Security Advisory: kernel 2.2 and 2.4

Syncookies are used to protect a system against certain Denial Of Service DOS attacks. A flaw in this mechanism has been found which can be used to circumvent certain types of firewall configurations. Note: syncookies are not enabled in the default installation of Red Hat Linux but many server...

CVE-1999-0391

CVE-1999-0391 involves the reuse of the SMB authentication cryptographic challenge in Windows 95/Windows 98, enabling an attacker to replay the response and impersonate a user. Affected software is Windows 95 and Windows 98; the vulnerability lies in the SMB authentication verification (cryptogra...