6803 matches found
CodeQL 2.25.2
Discover vulnerabilities across a codebase with CodeQL, an industry-leading semantic code analysis engine. CodeQL lets you query code as though it were data. Write a query to find all variants of a vulnerability, eradicating it forever. Then share your query to help others do the same...
Security Is Relative: Training-Free Vulnerability Detection Via Multi-Agent Behavioral Contract Synthesis
Deep learning for vulnerability detection has shown promising results on early benchmarks, but recent evaluations reveal catastrophic degradation: models achieving F1 0.68 on legacy datasets collapse to 0.031 under strict deduplication. We identify the root cause as the semantic ambiguity problem...
MetInfo CMS 8.1 XML Endpoint Behavior Analysis Tool
This script is a PHP-based analysis tool designed to interact with MetInfo CMS 8.1 endpoints through an XML-based interface. It uses cURL to send structured requests to a specific MetInfo module endpoint and evaluates the HTTP responses for basic fingerprinting indicators such as known keywords a...
Zeek 8.0.7
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek ha...
What Security and Privacy Transparency Users Need from Consumer-Facing Generative AI
Users increasingly rely on consumer-facing generative AI GenAI for tasks ranging from everyday needs to sensitive use cases. Yet, it remains unclear whether and how existing security and privacy S&P communications in GenAI tools shape users' adoption decisions and subsequent experiences...
A Novel Quantum Augmented Framework to Improve Microgrid Cybersecurity
Small modular nuclear reactors SMRs are redefining the energy generation landscape by enabling the deployment of modular, scalable, and pre-built power units that can be used to build distributed autonomous microgrids for critical infrastructure and burgeoning AI factories. Often, these microgrid...
SoK: Reshaping Research on Network Intrusion Detection Systems
Network Intrusion Detection Systems NIDS have been studied for decades. Hundreds of papers have, e.g., proposed ways to enhance, harden or bypass NIDS. However, the findings of prior literature are hardly reflected in real-world operational contexts. Such a disconnection is problematic for resear...
SDLLMFuzz: Dynamic-Static LLM-Assisted Greybox Fuzzing for Structured Input Programs
Fuzzing has become a widely adopted technique for vulnerability discovery, yet it remains ineffective for structured-input programs due to strict syntactic constraints and limited semantic awareness. Traditional greybox fuzzers rely on mutation-based strategies and coarse-grained coverage feedbac...
Terminal Wrench: A Dataset of 331 Reward-Hackable Environments and 3,632 Exploit Trajectories
The authors of this paper release Terminal Wrench, a subset of 331 terminal-agent benchmark environments, copied from the popular open benchmarks that are demonstrably reward-hackable. The data set includes 3,632 hack trajectories and 2,352 legitimate baseline trajectories across three frontier...
Bit-Flip Vulnerability of Shared KV-Cache Blocks in LLM Serving Systems
Rowhammer on GPU DRAM has enabled adversarial bit flips in model weights; shared KV-cache blocks in LLM serving systems present an analogous but previously unexamined target. In vLLM's Prefix Caching, these blocks exist as a single physical copy without integrity protection. Using software fault...
Original Sin of Npm: A Study on Vulnerability Propagation in JavaScript Dependency Networks
Understanding vulnerability propagation is essential for assessing how vulnerabilities spread across components of a software package. This supports more accurate impact analysis and enhances threat detection and mitigation. In this paper, we investigate how a small number of vulnerable JavaScrip...
GuardPhish: Securing Open-Source LLMs from Phishing Abuse
The rapid adoption of open-source Large Language Models LLMs in offline and enterprise environments has introduced a largely unexamined security risk like susceptibility to adversarial phishing prompts under static safety configurations. In this work, we systematically investigate this...
Explainable Attention-Based LSTM Framework for Early Detection of AI-Assisted Ransomware Via File System Behavioral Analysis
Ransomware continues to evolve as one of the most disruptive cyber threats, with recent variants increasingly leveraging automated and AI-assisted techniques to evade traditional signature-based defenses. Early detection of such attacks remains a significant challenge, particularly when malicious...
Enclawed: A Configurable, Sector-Neutral Hardening Framework for Single-User AI Assistant Gateways
We present enclawed, a hard-fork hardening framework built on top of the OpenClaw single-user personal artificial intelligence AI assistant gateway. enclawed targets deployments that need attestable peer trust, deny-by-default external connectivity, signed-module loading, and a tamper-evident aud...
Global Web, Local Privacy? an International Review of Web Tracking
Web tracking by ad networks, social networks, and other third parties is privacy-invasive. To protect users' privacy an increasing number of countries are adopting new privacy laws. However, a major reason why their application on the web is so challenging is that privacy laws are local while the...
HarmChip: Evaluating Hardware Security Centric LLM Safety Via Jailbreak Benchmarking
The integration of large language models LLMs into electronic design automation EDA workflows has introduced powerful capabilities for RTL generation, verification, and design optimization, but also raises critical security concerns. Malicious LLM outputs in this domain pose hardware-level threat...
False Security Confidence in Benign LLM Code Generation
Prior work has demonstrated that functionally correct yet vulnerable outputs arise systematically in threat-oriented settings, where adversarial or implicit channels are used to induce security failures in code agents and automated patching workflows. This note introduces a complementary but...
Eclipse Che Machine-Exec WebSocket Service Exposure Detector
This Python script is a lightweight security detection tool designed to identify potentially exposed or misconfigured machine-exec WebSocket services associated with Eclipse Che running on port 3333...
QUACK! Making the (Rubber) Ducky Talk: A Systematic Study of Keystroke Dynamics for HID Injection Detection
Modern computing systems inherently trust human input devices, creating an exploitable attack surface for adversarial automation. USB Human Interface Device HID emulation attacks, such as those enabled by the USB Rubber Ducky, exploit this assumption to inject arbitrary keystroke sequences while...
GLPI 10.0.18 Log Exposure Probe Script Directory Leak Detection
This Python script is designed to assess a GLPI application for potential information disclosure vulnerabilities, specifically focusing on exposed log files and sensitive directories...
Surgical Repair of Insecure Code Generation in LLMs
Large language models write production code, and yet they routinely introduce well-known vulnerabilities. We show that this is not a knowledge deficit: the same models that generate insecure code, correctly identify and explain the vulnerability when asked directly, this is a gap we call the...
A Practical Semi-Quantum Signature Protocol with Improved Eavesdropping Detection
Semi-quantum signature SQS schemes aim to enable quantum signature functionality in scenarios where only a subset of participants possess full quantum capabilities, thereby improving practical deployability while preserving quantum security advantages. Within this framework, we present a practica...
Privacy-Aware Machine Unlearning with SISA for Reinforcement Learning-Based Ransomware Detection
Ransomware detection systems increasingly rely on behavior-based machine learning to address evolving attack strategies. However, emerging privacy compliance, data governance, and responsible AI deployment demand not only accurate detection but also the ability to efficiently remove the influence...
Dahua Security Assessment Tool - Authentication, Scan, and Exposure Testing Script
This Python script is a security assessment tool designed to evaluate the exposure and potential vulnerabilities of Dahua-based devices commonly IP cameras and NVR systems. It combines multiple testing modules into one CLI utility...
Modeling Sparse and Bursty Vulnerability Sightings: Forecasting under Data Constraints
Understanding and anticipating vulnerability-related activity is a major challenge in cyber threat intelligence. This work investigates whether vulnerability sightings, such as proof-of-concept releases, detection templates, or online discussions, can be forecast over time. Building on our earlie...
ConGISATA: A Framework for Continuous Gamified Information Security Awareness Training and Assessment
The incidence of cybersecurity attacks utilizing social engineering techniques has increased. Such attacks exploit the fact that in every secure system, there is at least one individual with the means to access sensitive information. Since it is easier to deceive a person than it is to bypass the...
Too Private to Tell: Practical Token Theft Attacks on Apple Intelligence
Apple Intelligence is a generative AI GenAI service provided by Apple on its devices. While offering a similar set of features as other similar GenAI services, Apple Intelligence is claimed to be designed with an extra focus on user security and privacy through a two-stage authentication and...
LLM4C2Rust: Large Language Models for Automated Memory-Safe Code Transpilation
Memory safety has long been a critical challenge in software engineering, particularly for legacy systems written in memory-unsafe languages such as C and C++. Rust, one of the youngest modern programming languages, offers built-in memory-safety guarantees that make it a strong candidate for secu...
CSLE: A Reinforcement Learning Platform for Autonomous Security Management
Reinforcement learning is a promising approach to autonomous and adaptive security management in networked systems. However, current reinforcement learning solutions for security management are mostly limited to simulation environments and it is unclear how they generalize to operational systems...
MLDAS: Machine Learning Dynamic Algorithm Selection for Software-Defined Networking Security
Network security is a critical concern in the digital landscape of today, with users demanding secure browsing experiences and protection of their personal data. This study explores the dynamic integration of Machine Learning ML algorithms with Software-Defined Networking SDN controllers to enhan...
NFTDELTA: Detecting Permission Control Vulnerabilities in NFT Contracts through Multi-View Learning
Permission control vulnerabilities in Non-fungible token NFT contracts can result in significant financial losses, as attackers may exploit these weaknesses to gain unauthorized access or circumvent critical permission checks. In this paper, we propose NFTDELTA, a framework that leverages static...
Half-Moon Cookie: Private, Similarity-Based Blocklisting with TOCTOU-Attack Resilience
Blocklisting is a common technique for preventing the use of known malicious content. However, conventional blocklisting infrastructures require either the blocklist to be public or clients to reveal their queries to the blocklist server. In this work, we introduce a private blocklisting framewor...
RealVuln: Benchmarking Rule-Based, General-Purpose LLM, and Security-Specialized Scanners on Real-World Code
How do security scanners perform on real-world code? We present RealVuln, the first open-source benchmark comparing Rule-Based SAST, General-Purpose LLMs, and Security-Specialized scanners on 26 intentionally vulnerable Python repositories educational and Capture-The-Flag applications with 796...
MCPThreatHive: Automated Threat Intelligence for Model Context Protocol Ecosystems
The rapid proliferation of Model Context Protocol MCP-based agentic systems has introduced a new category of security threats that existing frameworks are inadequately equipped to address. We present MCPThreatHive, an open-source platform that automates the end-to-end lifecycle of MCP threat...
Understanding Student Experiences with TLS Client Authentication
Mutual TLS mTLS provides strong, certificate-based authentication for both clients and servers, yet its adoption for user-facing websites remains rare. This paper presents a longitudinal study of mTLS usability, tracking 46 senior and graduate computer science students who configured client...
AndroScanner: Automated Backend Vulnerability Detection for Android Applications
Mobile applications rely on complex backends that introduce significant security risks, yet developers often lack the tools to assess these risks effectively. This paper presents AndroScanner, an automated pipeline for detecting vulnerabilities in Android application backends through combined...
Windows Persistence Bits Job
This Metasploit module establishes persistence through a BITS job that downloads and executes a payload. Background Intelligent Transfer Service BITS is a Windows service for transferring files in the background using idle network bandwidth. BITS jobs are persistent and will resume across reboots...
Challenges and Future Directions in Agentic Reverse Engineering Systems
Agentic systems built on large language models LLMs are increasingly being used for complex security tasks, including binary reverse engineering RE. Despite recent growth in popularity and capability, these systems continue to face limitations in realistic settings. Cutting-edge systems still fai...
Powershell Profile Persistence
This Metasploit module establishes persistence by modifying a PowerShell profile script, which is automatically executed when PowerShell starts. The module supports multiple profile scopes current user or all users and safely backs up any existing profile prior to modification, enabling clean...
VeriCWEty: Embedding Enabled Line-Level CWE Detection in Verilog
Large Language Models LLMs have shown significant improvement in RTL code generation. Despite the advances, the generated code is often riddled with common vulnerabilities and weaknesses CWEs that can slip by untrained eyes. Attackers can often exploit these weaknesses to fulfill their nefarious...
Towards Personalizing Secure Programming Education with LLM-Injected Vulnerabilities
According to constructivist theory, students learn software security more effectively when examples are grounded in their own code. Generic examples often fail to connect with students' prior work, limiting engagement and understanding. Advances in LLMs are now making it possible to automatically...
Robustness Analysis of Machine Learning Models for IoT Intrusion Detection under Data Poisoning Attacks
Ensuring the reliability of machine learning-based intrusion detection systems remains a critical challenge in Internet of Things IoT environments, particularly as data poisoning attacks increasingly threaten the integrity of model training pipelines. This study evaluates the susceptibility of fo...
V2E: Validating Smart Contract Vulnerabilities through Profit-Driven Exploit Generation and Execution
Smart contracts are a critical component of blockchain systems. Due to the large amount of digital assets carried by smart contracts, their security is of critical importance. Although numerous tools have been developed for detecting smart contract vulnerability, their effectiveness remains...
Evaluating Differential Privacy against Membership Inference in Federated Learning: Insights from the NIST Genomics Red Team Challenge
While Federated Learning FL mitigates direct data exposure, the resulting trained models remain susceptible to membership inference attacks MIAs. This paper presents an empirical evaluation of Differential Privacy DP as a defense mechanism against MIAs in FL, leveraging the environment of the 202...
Robust Semi-Supervised Temporal Intrusion Detection for Adversarial Cloud Networks
Cloud networks increasingly rely on machine learning based Network Intrusion Detection Systems to defend against evolving cyber threats. However, real-world deployments are challenged by limited labeled data, non-stationary traffic, and adaptive adversaries. While semi-supervised learning can...
LLM-Guided Prompt Evolution for Password Guessing
Passwords still remain a dominant authentication method, yet their security is routinely subverted by predictable user choices and large-scale credential leaks. Automated password guessing is a key tool for stress-testing password policies and modeling attacker behavior. This paper applies...
Tamper-Proofing with Self-Modifying Code
Classical computability theory tells us that self-modifying code SMC on a deterministic universal Turing machine can be simulated by non-SMC code on the same model. That abstraction, however, omits the external timing inputs, concurrency, and microarchitectural state that dominate practical...
OpenSSL Toolkit 4.0.0
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 4.0 release...
Security and Resilience in Autonomous Vehicles: A Proactive Design Approach
Autonomous vehicles AVs promise efficient, clean and cost-effective transportation systems, but their reliance on sensors, wireless communications, and decision-making systems makes them vulnerable to cyberattacks and physical threats. This chapter presents novel design techniques to strengthen t...
Proxmark3 4.21611 Custom Firmware
This is a custom firmware written for the Proxmark3 device. It extends the currently available firmware. This release is nicknamed "BREAKMEIFYOUCAN!"...