Advance_WAF_project_CS

WAFinity - Infinite Protection, Intelligent Detection WAFin...

Hybrid IDS Using Signature-Based and Anomaly-Based Detection

Intrusion detection systems IDS are essential for protecting computer systems and networks against a wide range of cyber threats that continue to evolve over time. IDS are commonly categorized into two main types, each with its own strengths and limitations, such as difficulty in detecting...

Authentication Bypass

OpenStack Keystone is vulnerable to Authentication Bypass. The vulnerability is due to improper validation of AWS Signature-based requests in token endpoints, which allows an attacker to gain unauthorized Keystone access using crafted requests...

Network Intrusion Detection: Evolution from Conventional Approaches to LLM Collaboration and Emerging Risks

This survey systematizes the evolution of network intrusion detection systems NIDS, from conventional methods such as signature-based and neural network NN-based approaches to recent integrations with large language models LLMs. It clearly and concisely summarizes the current status, strengths, a...

EUVD-2020-12789

Malware in sbrugna...

Demystifying the Role of Rule-Based Detection in AI Systems for Windows Malware Detection

Malware detection increasingly relies on AI systems that integrate signature-based detection with machine learning. However, these components are typically developed and combined in isolation, missing opportunities to reduce data complexity and strengthen defenses against adversarial EXEmples,...

Hybrid LLM-Enhanced Intrusion Detection for Zero-Day Threats in IoT Networks

This paper presents a novel approach to intrusion detection by integrating traditional signature-based methods with the contextual understanding capabilities of the GPT-2 Large Language Model LLM. As cyber threats become increasingly sophisticated, particularly in distributed, heterogeneous, and...

Intelligent ARP Spoofing Detection Using Multi-Layered Machine Learning (ML) Techniques for IoT Networks

Address Resolution Protocol ARP spoofing remains a critical threat to IoT networks, enabling attackers to intercept, modify, or disrupt data transmission by exploiting ARP's lack of authentication. The decentralized and resource-constrained nature of IoT environments amplifies this vulnerability,...

CVE-2010-5170

Race condition in Online Solutions Security Suite 1.5.14905.0 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes...

Dynmx - Signature-based Detection Of Malware Features Based On Windows API Call Sequences

dynmx spoken dynamics is a signature-based detection approach for behavioural malware features based on Windows API call sequences. In a simplified way, you can think of dynmx as a sort of YARA for API call traces so called function logs originating from malware sandboxes. Hence, the data basis f...

Stealing or reusing votes

Lines of code Vulnerability details Impact It is possible to reuse/steal user's votes if they are supposed to cast vote by signature. Proof of Concept Casting votes during nominee election and member election is possible by calling the functions: castVoteWithReasonAndParams...

The Battle Against Business Logic Attacks: Why Traditional Security Tools Fall Short

As the digital landscape continues to evolve, so do the tactics utilized by bad actors that are seeking to exploit application vulnerabilities. Among the most insidious types of attacks are business logic attacks BLAs. Unlike known attacks, which can be identified by signatures or patterns, such ...

Real-Time Defense of Multi-Cloud Environments From Malicious Attacks and Threats

Organizations today cannot detect real-time threats at runtime due to the multi-cloud infrastructure, resulting in the possibility of malicious actors exploiting the environment. It is imperative for the modern organization to have a solution to detect advanced run-time threats in real-time to...

Crypto Hackers Using Babadeda Crypter to Make Their Malware Undetectable

A new malware campaign has been discovered targeting cryptocurrency, non-fungible token NFT, and DeFi aficionados through Discord channels to deploy a crypter named "Babadeda" that's capable of bypassing antivirus solutions and stage a variety of attacks. "This malware installer has been used in ...

AntiVirus Evasion Techniques

Introduction Antivirus software looks for, detects, and eliminates viruses as well as other harmful software such as worms, trojans, adware, and others. Such programs are intended to be used as a preventative measure in cyber security, preventing threats from entering your computer and causing...

[SECURITY] Fedora 35 Update: testdisk-7.1-7.fc35

Tool to check and undelete partition. Works with FAT12, FAT16, FAT32, NTFS, ext2, ext3, ext4, btrfs, BeFS, CramFS, HFS, JFS, Linux Raid, Linux Swap, LVM, LVM2, NSS, ReiserFS, UFS, XFS. PhotoRec is a signature based file recovery utility. It handles more than 440 file formats including JPG,...

CVE-2020-1999 PAN-OS: Threat signatures are evaded by specifically crafted packets

A vulnerability exists in the Palo Alto Network PAN-OS signature-based threat detection engine that allows an attacker to communicate with devices in the network in a way that is not analyzed for threats by sending data through specifically crafted TCP packets. This technique evades signature-bas...

Download Guide — Advanced Threat Protection Beyond the AV

At a certain point, almost every organization reaches the conclusion that there is a need to move past just the standard AV and firewall stack in order to soundly protect their environment. The common practice in recent years is to gain extra protection through implementing either EDR\EPP solutio...

Obfuscapk - A Black-Box Obfuscation Tool For Android Apps

Obfuscapk is a modular Python tool for obfuscating Android apps without needing their source code, since apktool is used to decompile the original apk file and to build a new application, after applying some obfuscation techniques on the decompiled smali code, resources and manifest. The obfuscat...

ClamAV 0.102.0 - bytecode_vm Code Execution

ClamAV 0.102.0 - bytecodevm Code Execution !/usr/bin/python ''' Finished : 22/07/2019 Pu8lished : 31/10/2019 Versi0n : Current ./exploit.py clambc --debug exploit SNIP $ ''' names = 'test1', 'read', 'write', 'seek', 'setvirusname',...