12 matches found
InjectV: Modeling Fault Injection Attacks in RISC-V Simulation Environment
Fault Injection Attacks FIAs are a significant threat to hardware security, capable of compromising systems by inducing malicious faults in computation or storage. Evaluating resilience against such attacks is challenging due to the high cost, complexity, and limited availability of physical faul...
MemRepair: Hierarchical Memory for Agentic Repository-Level Vulnerability Repair
Modern software ecosystems face a rapidly growing number of disclosed vulnerabilities, increasing the need for automated repair techniques that can operate reliably at repository scale. Although Large Language Model LLM-based agents have recently shown promise for automated vulnerability repair...
AutoBaxBuilder: Bootstrapping Code Security Benchmarking
As LLMs see wide adoption in software engineering, the reliable assessment of the correctness and security of LLM-generated code is crucial. Notably, prior work has demonstrated that security is often overlooked, exposing that LLMs are prone to generating code with security vulnerabilities. These...
Visualisation for the CIS Benchmark Scanning Results
In this paper, we introduce GraphSecure, a web application that provides advanced analysis and visualisation of security scanning results. GraphSecure enables users to initiate scans for their AWS account, validate them against specific Center for Internet Security CIS Benchmarks and return...
RESCUE: Retrieval Augmented Secure Code Generation
Despite recent advances, Large Language Models LLMs still generate vulnerable code. Retrieval-Augmented Generation RAG has the potential to enhance LLMs for secure code generation by incorporating external security knowledge. However, the conventional RAG design struggles with the noise of raw...
Hitachi Energy MSM
SUMMARY Hitachi Energy is aware of open-source software vulnerabilities that affect MSM product versions listed below. If exploited, these vulnerabilities could result in XSS and DoS attacks, potentially causing confidentiality, integrity and availability impact to MSM. Please refer to the...
TechniqueRAG: Retrieval Augmented Generation for Adversarial Technique Annotation in Cyber Threat Intelligence Text
Accurately identifying adversarial techniques in security texts is critical for effective cyber defense. However, existing methods face a fundamental trade-off: they either rely on generic models with limited domain precision or require resource-intensive pipelines that depend on large labeled...
Configure the Banner Path Correctly
The banner path points to a file which contains the prompt information displayed on the client before a user logs in to the SSH. The content in the file can be configured based on the actual service scenario. If the banner path is not set, no information is displayed by default...
Good News for Script Kiddies? Evaluating Large Language Models for Automated Exploit Generation
Large Language Models LLMs have demonstrated remarkable capabilities in code-related tasks, raising concerns about their potential for automated exploit generation AEG. This paper presents the first systematic study on LLMs' effectiveness in AEG, evaluating both their cooperativeness and technica...
Principles of a Cloud Migration – Security W5H – The WHERE
“Wherever I go, there I am” -Security I recently had a discussion with a large organization that had a few workloads in multiple clouds while assembling a cloud security focused team to build out their security policy moving forward. It’s one of my favorite conversations to have since I’m not jus...
DbDat - Db Database Assessment Tool
DbDat performs numerous checks on a database to evaluate security. The categories of checks performed are configuration, privileges, users, and information. Checks are performed by running queries or reading database configuration files. The goal of this tool is to highlight issues that need...
Database Assessment Tool: DbDat
DbDat performs numerous checks on a database to evaluate security. The categories of checks performed are configuration, privileges, users, and information. Checks are performed by running queries or reading database configuration files. The goal of this tool is to highlight issues that need...