787 matches found
From Transactions to Exploits: Automated PoC Synthesis for Real-World DeFi Attacks
Blockchain systems are increasingly targeted by on-chain attacks that exploit contract vulnerabilities to extract value rapidly and stealthily, making systematic analysis and reproduction highly challenging. In practice, reproducing such attacks requires manually crafting proofs-of-concept PoCs, ...
CVE-2025-23421
An attacker could obtain firmware files and reverse engineer their intended use leading to loss of confidentiality and integrity of the hardware devices enabled by the Qardio iOS and Android applications...
Application-Specific Power Side-Channel Attacks and Countermeasures: A Survey
Side-channel attacks try to extract secret information from a system by analyzing different side-channel signatures, such as power consumption, electromagnetic emanation, thermal dissipation, acoustics, time, etc. Power-based side-channel attack is one of the most prominent side-channel attacks i...
ReSMT: An SMT-Based Tool for Reverse Engineering
Software obfuscation techniques make code more difficult to understand, without changing its functionality. Such techniques are often used by authors of malicious software to avoid detection. Reverse Engineering of obfuscated code, i.e., the process of overcoming obfuscation and answering questio...
CVE-2025-53960
When issuing JSON Web Tokens JWT, Apache StreamPark directly uses the user's password as the HMAC signing key e.g., with the HS256 algorithm. An attacker can exploit this vulnerability to perform offline brute-force attacks on the user's password using a captured JWT, or to arbitrarily forge...
Use Of Hard-coded Cryptographic Key
Apache StreamPark is vulnerable to use of a hard-coded cryptographic key. The vulnerability is due to Apache StreamPark uses an immutable, embedded key for encryption instead of a securely generated or configurable one, allowing attackers who obtain the key through reverse engineering or source...
EUVD-2025-203092
Apache StreamPark: Use the user’s password as the secret key Vulnerability...
Reverse Engineering and Control-Aware Security Analysis of the ArduPilot UAV Framework
Unmanned Aerial Vehicle UAV technologies are gaining high interest for many domains, which makes UAV security of utmost importance. ArduPilot is among the most widely used open-source autopilot UAV frameworks; yet, many studies demonstrate the vulnerabilities affecting such systems. Vulnerabiliti...
Black-Box Guardrail Reverse-Engineering Attack
Large language models LLMs increasingly employ guardrails to enforce ethical, legal, and application-specific constraints on their outputs. While effective at mitigating harmful responses, these guardrails introduce a new class of vulnerabilities by exposing observable decision patterns. In this...
Dynamic binary instrumentation (DBI) with DynamoRio
This blog introduces dynamic binary instrumentation DBI and guides you through building your own DBI tool with the open-source DynamoRIO framework on Windows 11. DBI enables powerful runtime analysis and modification of binaries critical for malware analysis, security auditing, reverse engineerin...
RAT-Vulnerabilities
🐀 RAT Vulnerabilities 🐀 --- 🚩 Project overview...
REx86: A Local Large Language Model for Assisting in X86 Assembly Reverse Engineering
Reverse engineering RE of x86 binaries is indispensable for malware and firmware analysis, but remains slow due to stripped metadata and adversarial obfuscation. Large Language Models LLMs offer potential for improving RE efficiency through automated comprehension and commenting, but cloud-hosted...
367-HW1
It is an educational repository for a Reverse Engineering + Bina...
EUVD-2021-24846
Malware in sbrugna...
EUVD-2017-11847
Malware in sbrugna...
EUVD-2018-9795
Malware in sbrugna...
EUVD-2021-25517
Malware in sbrugna...
EUVD-2018-10681
Malware in sbrugna...
EUVD-2020-17924
Malware in sbrugna...
EUVD-2021-12929
Malware in sbrugna...