6746 matches found
AI-Generated PowerShell Malware: An Experimental Framework and Dataset
Generative AI has emerged as a significant cybersecurity threat, with several recent attack campaigns leveraging LLMs to generate code for malicious purposes via scripting languages such as PowerShell. Consequently, for cybersecurity analysts, it is imperative to investigate the offensive...
Multi-Level Distributional Entropy for Explainable Network Intrusion Detection
Machine learning network intrusion detection systems IDS rely on aggregate flow statistics that discard distributional structure, while established entropy measures require raw packet sequences unavailable in pre-aggregated flow datasets. We propose Multi-Level Distributional Entropy MDE, an...
American Fuzzy Lop plus plus 5.02c
Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc...
Benchmark AUC Is Not Deployable Reliability: A Cross-Dataset Audit of Off-The-Shelf Features for Surveillance Video Anomaly Detection
Automated "suspicious behavior" flagging is a headline promise of AI surveillance, and the field reports high frame-level ROC-AUC on standard video anomaly detection benchmarks. Those numbers are measured by training and testing on the same camera and scene. We audit what happens when that...
An Empirical Evaluation of Prompt Injection Vulnerabilities in Large Language Models across Multilingual and Obfuscated Attack Scenarios
Large Language Models LLMs have rapidly evolved, transforming industries by automating complex tasks and generating human-like content. However, as their adoption accelerates, prompt injection vulnerabilities have become increasingly apparent. Malicious actors exploit these weaknesses to generate...
Empirical Evaluation of Multi-Modal Touch Detection in Over-The-Shoulder Video Surveillance
Video Intelligence Surveillance VIDINT on over-the-shoulder footage is a proposed vector for monitoring human-computer interaction patterns without direct screen recording access. In this paper, we evaluate a Behavioral Intelligence BEHINT touch-detection framework designed to reconstruct keystro...
Toward Comprehensive Risk Assessments and Assurance of AI-Based Systems
Novel safety, socio-economic, and ethical harms arising from the deployment of AI-based systems have led to a breadth of work seeking to map, measure, and mitigate against newly found risks. These works have heavily leveraged techniques and terminology from the fields of System Safety Engineering...
A Usable and Secure Bengali CAPTCHA
Text-based CAPTCHAs Completely Automated Public Turing test to tell Computers and Humans Apart have traditionally been a simple, affordable, lightweight, yet very effective security mechanism to distinguish human users from automated bots on the web, serving as a preventive measure against many...
Extending Detection Engineering to Digital Forensics: The Velociraptor Unified Detection-Forensics Methodology
Detection engineering and digital forensics have evolved in parallel rather than in partnership, leaving a gap between real-time alerting and forensic analysis. This paper develops a unified detection-forensics methodology using Velociraptor, where detection logic directly initiates targeted...
Understanding Binary Code Similarity for Real-World Vulnerability Detection: A Large-Scale Empirical Study
Firmware lies at the heart of IoT devices. Its development depends heavily on third-party libraries TPLs, which greatly accelerate the process but simultaneously introduce associated vulnerabilities. Binary Code Similarity Detection BCSD is an effective technique for identifying vulnerabilities i...
Cybersecurity Is the True Frontier for Generative AI Success or Failure
Cybersecurity is a real-life test-bed for many machine learning problems at once, especially when considering modern strides in using Large Language Models LLMs to automate processes as "agents.'' Cybersecurity workflows require orchestrating hundreds of standard and bespoke tools through various...
Towards Improved Anomaly Detection for Cloud Cybersecurity Via Graph Neural Networks
Detecting security threats in an organization's cloud computing environment has become necessary due to the increased reliance on cloud infrastructure. Logging of all cloud computing events enables investigation into any incidents after they are detected. Automated detection of threats using the...
FlipGuard: Defending Large Language Models against Quantization-Conditioned Backdoor Attacks
Model quantization is essential for the efficient deployment of Large Language Models LLMs, but introduces a critical vulnerability: Quantization-Conditioned Backdoor QCB attacks. In these attacks, malicious behaviors remain dormant in full-precision models and activate only after specific...
PLAA: Packet-Level Adversarial Attacks in Network Traffic Detection
Deep neural networks DNNs are widely applied in Network-based Intrusion Detection System NIDS due to their high accuracy. However, DNNs are highly susceptible to adversarial attacks, which generate malicious traffic to evade NIDS detection. Existing approaches often adapt adversarial attacks from...
How Humans, Bots, and Agents Communicate about Vulnerabilities in Pull Requests
Developers may reference vulnerabilities in pull request discussions through both explicit identifiers, such as CVEs or GHSAs, and implicit security-related language e.g., "unauthorized access" or "SQL injection". Prior work has primarily focused on explicit identifiers, potentially overlooking...
Decoys Cannot Go Everywhere: Mapping the Deception Surface in MITRE ATT&CK
Cyber deception research often assumes that a decoy can be placed wherever there is attacker behavior. This work tests that assumption across MITRE ATT&CK v18.1. We introduce a four-criterion rubric for infrastructure deception and apply it to all 250 ATT&CK techniques. The rubric evaluates wheth...
GTI-MSEMP Framework : A Proposed Framework to Stimulate Malware Propagation with Inclusion of Attacker-Defender Strategy
The rapid proliferation of automated, multi-vector malware threats poses a significant risk to heterogeneous, resource constrained cyber-physical networks. Conventional epidemiological models often treat security defenses as static parameters, failing to capture the strategic, asymmetric maneuver...
Ghost without Shell: Measuring Non-Interactive SSH Attacks on Honeypots
Cyber deception research has focused on improving honeypot deception capabilities to increase attacker engagement and extend their interactions to collect more and better intelligence. For SSH honeypots, this relies on the assumption that attackers log in, open a shell, and type. We tested whethe...
Joern 4.0.566
Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...
Decomposing Memorization Reduction in Privacy-Preserving Fine-Tuning of SLMs for CSIRTs
CSIRTs increasingly fine tune language models on vulnerability scan records, but these records expose internal network topology and create privacy risks under regulations such as GDPR and LGPD. We present the first empirical study of how DP SGD and HMAC pseudonymization interact when fine tuning...
Formal Security Analysis of Agent Protocol Composition
AI agent protocols define how agents use tools, delegate work, and coordinate across software systems, but their security requirements remain incomplete and inconsistently enforced across deployments. We present AgentThread, a source-linked framework for security assurance analysis of agent...
LLM Agents Security Duality: A Comprehensive Survey of Self-Security and Empowered Cybersecurity
Large language model LLM agents are rapidly being integrated into real-world systems. Their autonomy and tool-use capabilities generate substantial value while simultaneously expanding the security attack surface. This survey provides a comprehensive overview of the opportunities and challenges o...
LoadReload - Windows EDR Evasion Shellcode Loader
LoadReload is a Windows shellcode loader developed for academic malware research. It loads a shellcode payload from disk, applies multiple anti-analysis and endpoint detection evasion techniques—including API hashing, dynamic API resolution, anti-emulation timing checks, module stomping, memory...
Fortress and Gatekeeper: Theorizing Transitive Trust in Third-Party Cybersecurity Risk Governance
Third-party vendors, such as analytics platforms, cloud services, identity providers, and software suppliers, are increasingly embedded in digital service delivery. While these arrangements enable scale and specialization, they also move customer data and security-relevant practices into...
MIRROR: Novelty-Constrained Memory-Guided MCTS Red-Teaming for Agentic RAG
Multimodal agentic retrieval-augmented generation RAG systems expand the attack surface beyond prompt injection to include text poisoning, image injection, direct-query attacks, and orchestrator-level tool manipulation. Existing red-teaming approaches are typically surface-specific and often...
Inherited Circuits, Learned Semantics: How Fine-Tuning Creates Evasion Vulnerabilities Invisible to Standard Evaluation
LLMs fine-tuned for security classification are usually evaluated on held-out examples from the same distribution as their training data. We show that this can miss vulnerabilities introduced by fine-tuning itself: models can learn token-level indicator semantics that preserve canonical accuracy...
DroidBreaker: Practical and Functional Problem-Space Attacks on Machine-Learning Android Malware Detectors
Adversarial APKs are Android applications modified in the problem space to evade machine-learning malware detectors. In this work, we first show that, despite claims, existing problem-space attacks remain largely impractical. Most techniques leverage software transplantation to inject entire beni...
TOR Virtual Network Tunneling Tool 0.4.9.10
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow...
Lynis Auditing Tool 3.1.7
Lynis is an auditing tool for Unix specialists. It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated...
Application of LLMs to Threat Assessment of Foreign Peacekeeping Missions
We present a novel approach for applying Large Language Models LLMs to threat assessment in the context of foreign peacekeeping missions. Building on the PINPOINT project and its use case, the EU Monitoring Mission in Georgia, we combine an interdisciplinary risk-model with OSINT-based media...
IoT Product Cybersecurity Guidelines for the Federal Government Initial Public Draft
The National Institute of Standards and Technology NIST has announced it's request for public feedback on the initial draft of NIST SP 800-213r1 ipd / IoT Product Cybersecurity Guidelines for the Federal Government...
Tool Use Enables Undetectable Steganography in Multi-Agent LLM Systems
Increasingly autonomous agentic AI systems pose novel multi-agent risks, such as secret collusion via covert communication channels. The natural defence to these collusion attempts is to monitor plain-text communication, but the efficacy of monitors has been called into doubt by increasingly...
Protocol Prying: Systematic Vulnerability Research in the Apple AirDrop and Android Quick Share Proximity Transfer Protocols
Apple AirDrop and Google/Samsung Quick Share are proximity file-transfer protocols used by over five billion devices, yet their application-layer security properties remain largely unstudied because both stacks are proprietary and undocumented. Both protocols are reachable from wireless proximity...
angr 9.2.222
angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic "concolic" analysis, providing tools to solve a variety of tasks...
Beyond Takedown: Measuring Malicious Go Module Persistence in the Wild
We measure an automation-based supply chain campaign in the Go ecosystem. The attackers repackage legitimate Go modules under attacker-controlled owners, and embed them with obfuscated code for an import-triggered downloader. Our results come from two complementary analyses: a a manual search on...
CISA: Using SASE in a Modern TIC 3.0 Solution
CISA's guidance, The Journey to Zero Trust - Using Secure Access Service Edge in a Modern TIC 3.0 Solution, details how the Trusted Internet Connections TIC 3.0 initiative is helping agencies modernize the way their users connect to applications, data and services. While federal agencies are the...
Joern 4.0.564
Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...
WPProbe Plugin Enumeration Tool 0.12.3
A fast WordPress plugin and theme scanner that detects installed plugins via REST API enumeration and themes from HTML discovery, then maps them to known vulnerabilities. Over 5,000 plugins detectable without brute-force, thousands more with it...
NTForge Vulnerability Research / Exploit Reproduction Template
NTForge is a Windows 10/11 C++17 vulnerability-research and exploit-reproduction template intended for authorized testing and coordinated reporting to the Microsoft Security Response Center MSRC. It provides a documented native API resolver, internal structure references, safe memory primitives,...
Malware Distribution Via Browser-in-the-Browser Kit
Unit42 From Palo Alto Networks has discovered a Browser-in-the-Browser BitB campaign specifically tailored for malware delivery...
Dismantling FortiBleed: Inside a Russian Fortinet Compromise Operation
SOCRadar Threat Research Unit STRU has reported FortiBleed, a large-scale credential-harvesting operation targeting more than 430,000 FortiGate firewalls globally. The investigation also confirmed the breach of a NATO-aligned defense contractor. Based on the observed activity, the threat actor is...
YARA-X 1.19.0
YARA-X is a re-incarnation of YARA, a pattern matching tool designed with malware researchers in mind. This new incarnation intends to be faster, safer and more user-friendly than its predecessor. The ultimate goal of YARA-X is replacing YARA as the default pattern matching tool for malware...
Do (Not) Tell Me about My Insecurities: Assessing the Status Quo of Coordinated Vulnerability Disclosure in Germany Amid New EU Cybersecurity Regulations
In our increasingly interconnected world, good IT security practices are necessary to prevent vulnerabilities and data breaches. Providing security contacts, e.g., via Coordinated Vulnerability Disclosure CVD programs or security.txt files, is an important practice for businesses to facilitate...
CrypFormBench: Benchmarking Formal Analysis Capability of Large Language Models for Cryptographic Schemes
Manual formal analysis of cryptographic schemes is labor-intensive and requires substantial expertise. While model-checking tools e.g., Scyther and Tamarin and computational-security tools e.g., CryptoVerif and EasyCrypt improve the automation of security proofs, they still rely on experts to...
Flounder 0.1.0
Flounder turns modern coding agents into an end-to-end security audit system. Give it an authorized target boundary - a repository, source tree, package, deployed clue, or prior run - and the agent can prepare the workspace, read the code and supporting material, map the attack surface, dig into...
Helpful or Harmful? Evaluating LLM-Assisted Vulnerability Patching Via a Human Study
Software vulnerability remediation is a cognitively demanding task that requires specialized security expertise often lacking in general developers. In the meantime, Large Language Models LLMs assisted tools show potential in vulnerability detection, location, and repair tasks. Hypothesis: While...
Space-Based Missile Defense
This paper reviews the technical issues underlying space-based boost-phase missile defense and examines the current technology available for space-based interceptors and the characteristics of the missiles such a system would face. It then analyzes a particular space-based missile defense system...
Information Flow Security on Persistent Memory
Persistent memory is a recently proposed memory paradigm that delivers many system-wide benefits, including improved runtime efficiency and the ability of programs to recover from power outages and system crashes. While recent research has investigated techniques for proving functional correctnes...
CyberChainBench: Can AI Agents Secure Smart Contracts against Real-World On-Chain Vulnerabilities?
We present CyberChainBench, a benchmark for evaluating LLM-based agents on smart contract security across three complementary tasks: vulnerability detection, exploit generation, and patch synthesis. Built from 541 real-world exploit incidents from DeFiHackLabs spanning 9 EVM chains, the benchmark...
Reinforcement Learning for Software Vulnerability Analysis: A Systematic Review with Emphasis on C/C++ Source Code and Static Analysis
Vulnerability detection in C/C++ software remains a major security challenge due to code complexity, manual memory management, and the limitations of traditional static analysis. Reinforcement Learning RL has emerged as a promising approach, particularly for fuzzing, test generation, program...