23 matches found
Needles at Scale: LLM-Assisted Target Selection for Windows Vulnerability Research
The attack surface of a modern operating system is a haystack: thousands of signed binaries and millions of functions, almost none relevant to any given vulnerability. A human analyst or an LLM agent must pick the function worth reading before analyzing it. At whole-OS scope, this target selectio...
wpsecscan
WPSecScan !testshttps://github.com/bryanflowers/wpsecscan...
CVE-2026-8398
A supply chain attack compromised the official installation packages of DAEMON Tools Lite Windows versions 12.5.0.2421 through 12.5.0.2434, distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the...
Malicious code in 3pool-sushibar (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5112bb2ea3570e56be6525c48ef026624f46dead693e78333696273c911c6c42 This package is a dependency-chain dropper. package.json declares 15 undocumented dependencies in three numbered families web3chain02032, rusttool070...
A Decompilation-Driven Framework for Malware Detection with Large Language Models
The parallel evolution of Large Language Models LLMs with advanced code-understanding capabilities and the increasing sophistication of malware presents a new frontier for cybersecurity research. This paper evaluates the efficacy of state-of-the-art LLMs in classifying executable code as either...
CVE-2020-36904 Selea CarPlateServer 4.0.1.6 Remote Program Execution via Configuration Endpoint
Selea CarPlateServer 4.0.1.6 contains a remote program execution vulnerability that allows attackers to execute arbitrary Windows binaries by manipulating the NOLISTEXEPATH configuration parameter. Attackers can bypass authentication through the /cps/ endpoint and modify server configuration,...
Selea CarPlateServer 访问控制错误漏洞
Selea CarPlateServer is a car plate recognition software from Selea, Italy. An access control error vulnerability exists in Selea CarPlateServer version 4.0.1.6, which originates from the ability to bypass authentication by manipulating the NOLISTEXEPATH configuration parameter, which could lead ...
PT-2025-54418
Selea CarPlateServer 4.0.1.6 contains a remote program execution vulnerability that allows attackers to execute arbitrary Windows binaries by manipulating the NO LIST EXE PATH configuration parameter. Attackers can bypass authentication through the /cps/ endpoint and modify server configuration,...
EUVD-2019-15105
Malware in sbrugna...
CVE-2019-5530
Windows binaries generated with InstallBuilder versions earlier than 19.7.0 are vulnerable to tampering even if they contain a valid Authenticode signature...
VTScanner - A Comprehensive Python-based Security Tool For File Scanning, Malware Detection, And Analysis In An Ever-Evolving Cyber Landscape
VTScanner is a versatile Python tool that empowers users to perform comprehensive file scans within a selected directory for malware detection and analysis. It seamlessly integrates with the VirusTotal API to deliver extensive insights into the safety of your files. VTScanner is compatible with...
container-tools:ol8 security, bug fix, and enhancement update
aardvark-dns 2:1.1.0-4 - remove windows binaries and regenerate vendor tarball - Related: 2061390 2:1.1.0-3 - add gating.yaml - Related: 2061390 2:1.1.0-2 - bump Epoch to preserve upgrade path - Related: 2061390 1.1.0-1 - initial import - Related: 2061390 buildah 1:1.27.0-2 - fix CVE-2022-2990 -...
LazySign - Create Fake Certs For Binaries Using Windows Binaries And The Power Of Bat Files
Create fake certs for binaries using windows binaries and the power of bat files Over the years, several cool tools have been released that are capeable of stealing or forging fake signatures for binary files. All of these tools however, have additional dependencies which require Go,python,... Th...
Emulation of Kernel Mode Rootkits With Speakeasy
In August 2020, we released a blog post about how the Speakeasy emulation framework can be used to emulate user mode malware such as shellcode. If you haven’t had a chance, give the post a read today. In addition to user mode emulation, Speakeasy also supports emulation of kernel mode Windows...
NTLMRawUnHide - A Python3 Script Designed To Parse Network Packet Capture Files And Extract NTLMv2 Hashes In A Crackable Format
NTLMRawUnhide.py is a Python3 script designed to parse network packet capture files and extract NTLMv2 hashes in a crackable format. The tool was developed to extract NTLMv2 hashes from files generated by native Windows binaries like NETSH.EXE and PKTMON.EXE without conversion. The following bina...
CVE-2020-13177
The support bundler in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows versions prior to 20.04.1 and 20.07.0 does not use hard coded paths for certain Windows binaries, which allows an attacker to gain elevated privileges via execution of a malicious binary placed in the...
Hunting for LoLBins
By Vanja Svajcer. Introduction Attackers' trends tend to come and go. But one popular technique we're seeing at this time is the use of living-off-the-land binaries — or "LoLBins". LoLBins are used by different actors combined with fileless malware and legitimate cloud services to improve chances...
CVE-2019-5530
Windows binaries generated with InstallBuilder versions earlier than 19.7.0 are vulnerable to tampering even if they contain a valid Authenticode signature...
Design/Logic Flaw
Windows binaries generated with InstallBuilder versions earlier than 19.7.0 are vulnerable to tampering even if they contain a valid Authenticode signature...
CVE-2019-5530
Windows binaries generated with InstallBuilder versions earlier than 19.7.0 are vulnerable to tampering even if they contain a valid Authenticode signature...