ExploitMind

ExploitMind Overview ExploitMind is an en...

TEMPLATEFUZZ: Fine-Grained Chat Template Fuzzing for Jailbreaking and Red Teaming LLMs

Large Language Models LLMs are increasingly deployed across diverse domains, yet their vulnerability to jailbreak attacks, where adversarial inputs bypass safety mechanisms to elicit harmful outputs, poses significant security risks. While prior work has primarily focused on prompt injection...

Not All Tokens Are Created Equal: Query-Efficient Jailbreak Fuzzing for LLMs

Large Language ModelsLLMs are widely deployed, yet are vulnerable to jailbreak prompts that elicit policy-violating outputs. Although prior studies have uncovered these risks, they typically treat all tokens as equally important during prompt mutation, overlooking the varying contributions of...

DyMA-Fuzz: Dynamic Direct Memory Access Abstraction for Re-Hosted Monolithic Firmware Fuzzing

The rise of smart devices in critical domains--including automotive, medical, industrial--demands robust firmware testing. Fuzzing firmware in re-hosted environments is a promising method for automated testing at scale, but remains difficult due to the tight coupling of code with a...

PBFuzz: Agentic Directed Fuzzing for PoV Generation

Proof-of-Vulnerability PoV input generation is a critical task in software security and supports downstream applications such as path generation and validation. Generating a PoV input requires solving two sets of constraints: 1 reachability constraints for reaching vulnerable code locations, and ...

BGPFuzz: Automated Configuration Fuzzing of the Border Gateway Protocol

Telecommunications networks rely on configurations to define routing behavior, especially in the Border Gateway Protocol BGP, where misconfigurations can lead to severe outages and security breaches, as demonstrated by the 2021 Facebook outage. Unlike existing approaches that rely on synthesis or...

ThreadFuzzer: Fuzzing Framework for Thread Protocol

With the rapid growth of IoT, secure and efficient mesh networking has become essential. Thread has emerged as a key protocol, widely used in smart-home and commercial systems, and serving as a core transport layer in the Matter standard. This paper presents ThreadFuzzer, the first dedicated...

MALF: A Multi-Agent LLM Framework for Intelligent Fuzzing of Industrial Control Protocols

Industrial control systems ICS are vital to modern infrastructure but increasingly vulnerable to cybersecurity threats, particularly through weaknesses in their communication protocols. This paper presents MALF Multi-Agent LLM Fuzzing Framework, an advanced fuzzing solution that integrates large...

Semantic-Aware Fuzzing: an Empirical Framework for LLM-Guided, Reasoning-Driven Input Mutation

Security vulnerabilities in Internet-of-Things devices, mobile platforms, and autonomous systems remain critical. Traditional mutation-based fuzzers -- while effectively explore code paths -- primarily perform byte- or bit-level edits without semantic reasoning. Coverage-guided tools such as AFL+...

Cross-Service Token: Finding Attacks in 5G Core Networks

5G marks a major departure from previous cellular architectures, by transitioning from a monolithic design of the core network to a Service-Based Architecture SBA where services are modularized as Network Functions NFs which communicate with each other via standard-defined HTTP-based APIs called...

BACFuzz: Exposing the Silence on Broken Access Control Vulnerabilities in Web Applications

Broken Access Control BAC remains one of the most critical and widespread vulnerabilities in web applications, allowing attackers to access unauthorized resources or perform privileged actions. Despite its severity, BAC is underexplored in automated testing due to key challenges: the lack of...

ZTaint-Havoc: from Havoc Mode to Zero-Execution Fuzzing-Driven Taint Inference

Fuzzing is a widely used technique for discovering software vulnerabilities, but identifying hot bytes that influence program behavior remains challenging. Traditional taint analysis can track such bytes white-box, but suffers from scalability issue. Fuzzing-Driven Taint Inference FTI offers a...

ZkFuzz: Foundation and Framework for Effective Fuzzing of Zero-Knowledge Circuits

Zero-knowledge ZK circuits enable privacy-preserving computations and are central to many cryptographic protocols. Systems like Circom simplify ZK development by combining witness computation and circuit constraints in one program. However, even small errors can compromise security of ZK programs...

Snapshot fuzzing direct composition with WTF

Cisco Talos has developed a custom fuzzer using the popular snapshot fuzzer "WTF" which targets Direct Composition in Windows. Talos vulnerability research team used Protocol Buffers developed by Google to serialize and deserialize test cases. The Bochscpu backend of WTF was patched and other...

SUSE CVE-2009-1885

Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service application crash via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrat...

probench_aflnet

It is an offensive tool for network protocols. The primary CVE ID is not explicitly mentioned in the provided context; however, the tool is designed to fuzz network protocols, which may lead to the discovery of vulnerabilities. The target product/service or framework is network protocols, and the...

Denial of service in Apache Xerces2

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment JRE in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service infinite loop and application hang via malformed XML input, as...

Fuzzing Left4Dead 2 with CERT’s Basic Fuzzing Framework

The post Fuzzing Left4Dead 2 with CERT’s Basic Fuzzing Framework appeared first on Rhino Security Labs...

ZigBee Security Research Toolkit: KillerBee

KillerBee framework is a tool for attacking ZigBee and IEEE 802.15.4 networks. KillerBee is designed to simplify the process of sniffing packets from the air interface or a supported packet capture file libpcap or Daintree SNA, and for injecting arbitrary packets. Helper functions including IEEE...

Tutorial: Mutiny Fuzzing Framework and Decept Proxy

Here's a basic demo video for our new opensource tools, Decept and Mutiny. Happy New Year ^^ Lilith Recently, Talos released new tools to assist in the monumental task of finding vulnerabilities in network applications. Mutiny and Decept work together to help researchers fuzz quickly and...