6771 matches found
TOR Virtual Network Tunneling Tool 0.4.9.10
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow...
LoadReload - Windows EDR Evasion Shellcode Loader
LoadReload is a Windows shellcode loader developed for academic malware research. It loads a shellcode payload from disk, applies multiple anti-analysis and endpoint detection evasion techniques—including API hashing, dynamic API resolution, anti-emulation timing checks, module stomping, memory...
Lynis Auditing Tool 3.1.7
Lynis is an auditing tool for Unix specialists. It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated...
Fortress and Gatekeeper: Theorizing Transitive Trust in Third-Party Cybersecurity Risk Governance
Third-party vendors, such as analytics platforms, cloud services, identity providers, and software suppliers, are increasingly embedded in digital service delivery. While these arrangements enable scale and specialization, they also move customer data and security-relevant practices into...
DroidBreaker: Practical and Functional Problem-Space Attacks on Machine-Learning Android Malware Detectors
Adversarial APKs are Android applications modified in the problem space to evade machine-learning malware detectors. In this work, we first show that, despite claims, existing problem-space attacks remain largely impractical. Most techniques leverage software transplantation to inject entire beni...
IoT Product Cybersecurity Guidelines for the Federal Government Initial Public Draft
The National Institute of Standards and Technology NIST has announced it's request for public feedback on the initial draft of NIST SP 800-213r1 ipd / IoT Product Cybersecurity Guidelines for the Federal Government...
MIRROR: Novelty-Constrained Memory-Guided MCTS Red-Teaming for Agentic RAG
Multimodal agentic retrieval-augmented generation RAG systems expand the attack surface beyond prompt injection to include text poisoning, image injection, direct-query attacks, and orchestrator-level tool manipulation. Existing red-teaming approaches are typically surface-specific and often...
Protocol Prying: Systematic Vulnerability Research in the Apple AirDrop and Android Quick Share Proximity Transfer Protocols
Apple AirDrop and Google/Samsung Quick Share are proximity file-transfer protocols used by over five billion devices, yet their application-layer security properties remain largely unstudied because both stacks are proprietary and undocumented. Both protocols are reachable from wireless proximity...
Nanoelectromechanical Systems (NEMS) for Hardware Security in Advanced Packaging
As hardware security threats escalate across semiconductor manufacturing and advanced packaging, there is a growing need for novel physical mechanisms to counter sophisticated attacks such as tampering, counterfeiting, and supply chain infiltration. This paper presents Nanoelectromechanical Syste...
Information Flow Security on Persistent Memory
Persistent memory is a recently proposed memory paradigm that delivers many system-wide benefits, including improved runtime efficiency and the ability of programs to recover from power outages and system crashes. While recent research has investigated techniques for proving functional correctnes...
WPProbe Plugin Enumeration Tool 0.12.3
A fast WordPress plugin and theme scanner that detects installed plugins via REST API enumeration and themes from HTML discovery, then maps them to known vulnerabilities. Over 5,000 plugins detectable without brute-force, thousands more with it...
Space-Based Missile Defense
This paper reviews the technical issues underlying space-based boost-phase missile defense and examines the current technology available for space-based interceptors and the characteristics of the missiles such a system would face. It then analyzes a particular space-based missile defense system...
Do (Not) Tell Me about My Insecurities: Assessing the Status Quo of Coordinated Vulnerability Disclosure in Germany Amid New EU Cybersecurity Regulations
In our increasingly interconnected world, good IT security practices are necessary to prevent vulnerabilities and data breaches. Providing security contacts, e.g., via Coordinated Vulnerability Disclosure CVD programs or security.txt files, is an important practice for businesses to facilitate...
NTForge Vulnerability Research / Exploit Reproduction Template
NTForge is a Windows 10/11 C++17 vulnerability-research and exploit-reproduction template intended for authorized testing and coordinated reporting to the Microsoft Security Response Center MSRC. It provides a documented native API resolver, internal structure references, safe memory primitives,...
YARA-X 1.19.0
YARA-X is a re-incarnation of YARA, a pattern matching tool designed with malware researchers in mind. This new incarnation intends to be faster, safer and more user-friendly than its predecessor. The ultimate goal of YARA-X is replacing YARA as the default pattern matching tool for malware...
CrypFormBench: Benchmarking Formal Analysis Capability of Large Language Models for Cryptographic Schemes
Manual formal analysis of cryptographic schemes is labor-intensive and requires substantial expertise. While model-checking tools e.g., Scyther and Tamarin and computational-security tools e.g., CryptoVerif and EasyCrypt improve the automation of security proofs, they still rely on experts to...
Flounder 0.1.0
Flounder turns modern coding agents into an end-to-end security audit system. Give it an authorized target boundary - a repository, source tree, package, deployed clue, or prior run - and the agent can prepare the workspace, read the code and supporting material, map the attack surface, dig into...
Helpful or Harmful? Evaluating LLM-Assisted Vulnerability Patching Via a Human Study
Software vulnerability remediation is a cognitively demanding task that requires specialized security expertise often lacking in general developers. In the meantime, Large Language Models LLMs assisted tools show potential in vulnerability detection, location, and repair tasks. Hypothesis: While...
Beyond Takedown: Measuring Malicious Go Module Persistence in the Wild
We measure an automation-based supply chain campaign in the Go ecosystem. The attackers repackage legitimate Go modules under attacker-controlled owners, and embed them with obfuscated code for an import-triggered downloader. Our results come from two complementary analyses: a a manual search on...
Malware Distribution Via Browser-in-the-Browser Kit
Unit42 From Palo Alto Networks has discovered a Browser-in-the-Browser BitB campaign specifically tailored for malware delivery...
angr 9.2.222
angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic "concolic" analysis, providing tools to solve a variety of tasks...
CISA: Using SASE in a Modern TIC 3.0 Solution
CISA's guidance, The Journey to Zero Trust - Using Secure Access Service Edge in a Modern TIC 3.0 Solution, details how the Trusted Internet Connections TIC 3.0 initiative is helping agencies modernize the way their users connect to applications, data and services. While federal agencies are the...
Joern 4.0.564
Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...
CyberChainBench: Can AI Agents Secure Smart Contracts against Real-World On-Chain Vulnerabilities?
We present CyberChainBench, a benchmark for evaluating LLM-based agents on smart contract security across three complementary tasks: vulnerability detection, exploit generation, and patch synthesis. Built from 541 real-world exploit incidents from DeFiHackLabs spanning 9 EVM chains, the benchmark...
Reinforcement Learning for Software Vulnerability Analysis: A Systematic Review with Emphasis on C/C++ Source Code and Static Analysis
Vulnerability detection in C/C++ software remains a major security challenge due to code complexity, manual memory management, and the limitations of traditional static analysis. Reinforcement Learning RL has emerged as a promising approach, particularly for fuzzing, test generation, program...
Dismantling FortiBleed: Inside a Russian Fortinet Compromise Operation
SOCRadar Threat Research Unit STRU has reported FortiBleed, a large-scale credential-harvesting operation targeting more than 430,000 FortiGate firewalls globally. The investigation also confirmed the breach of a NATO-aligned defense contractor. Based on the observed activity, the threat actor is...
PowerFuzz: Power-Based Black-Box Firmware Fuzzing
Fuzzing is widely used for software and hardware verification, offering an effective alternative to random testing. While gray-box fuzzers benefit from full visibility into the system under test and can leverage execution feedback such as branch coverage, these approaches are not applicable when...
Burnyard: Future of Malware Analysis
Malware analysis is a critical aspect of modern cybersecurity. The prevailing industry practice, sandboxing, involves executing suspicious binaries within isolated virtual machines in large-scale data centers. However, this approach can unintentionally expose samples to public platforms such as...
Poisoned Playbooks: Demystifying Knowledge Poisoning Effects on AI Security Agents
AI security agents increasingly rely on Retrieval-Augmented Generation RAG to use external security knowledge for vulnerability analysis and exploit reasoning. This creates a new risk: poisoned write-ups can be operationalized into incorrect exploit behavior. Yet, prior work on RAG poisoning has...
HelpBench: Assessing the Ability of LLMs to Provide Privacy, Safety, and Security Advice
This paper introduces HelpBench, a benchmark for assessing whether LLMs are capable of providing accurate help in response to questions about digital privacy, safety, and security. We curated 450 questions representing authentic user situations and developed rubrics for each question to evaluate...
Inside Crypter-As-A-Service: An Ecosystem Analysis of the Exploit.In Underground Forum Research Talks
Crypter-as-a-Service CraaS has become a key enabling layer of the contemporary malware economy by providing on-demand evasion capabilities through underground service markets. In this paper, we present a longitudinal characterization of the CraaS ecosystem on exploit.in, a major Russian-language...
A Hybrid CNN-LSTM Intrusion Detection Framework for Cybersecurity in Smart Renewable Energy Grids
The accelerated digitalization of renewable energy smart grids through IoT sensors, AMI, and SCADA systems has significantly expanded the attack surface for sophisticated cyberattacks, FDI attacks that stealthily distort state estimation and DoS/DDoS attacks that flood communication channels...
Decoupling Reconnaissance and Exploitation: Measuring the Capability Boundaries of LLM-Based Web Penetration Testing
Large Language Models LLMs have shown promise for automated penetration testing, yet existing end-to-end black-box evaluations are highly susceptible to error cascading: failures in early reconnaissance can mask an agent's actual ability to exploit vulnerabilities. To more accurately characterize...
Red-Teaming the Agentic Red-Team
The use of agentic systems to perform offensive security operations has moved from a theoretical possibility to a commoditized capability. However, while the community has focused on creating more and more capable agents, less attention has been allocated to assessing the security of those system...
Representation Matters: An Empirical Study of Program Representations for LLM Vulnerability Reasoning
Large Language Models LLMs are increasingly used for automated vulnerability detection, but it remains unclear how program structure and semantics should be represented for LLM-based reasoning. Most prompting-based approaches provide raw source code, implicitly assuming that more source-level...
Poster: Exploring the Limits of Audio-Based Detection of Turkish Phone Call Scams
Scam phone calls exploit vulnerable communities worldwide, yet research on detection has focused almost exclusively on English and other high-resource languages. In low-resource settings such as Turkish, detection is especially difficult, as annotated data is scarce and technological defenses...
A Quantum Algorithm for One-Shot Signatures
We provide a pre-obfuscation circuit-level implementation of an efficient one shot signature scheme, which has known applications to delegated signatures, secured token transfer, and publicly verifiable randomness. The algorithm consists of two stages: a key generation stage where a classical...
Understanding the Stealthy BGP Hijacking Risk in the ROV Era
The partial deployment of Route Origin Validation ROV poses an unexpected security threat known as stealthy BGP hijacking, i.e., a particularly elusive form of BGP hijacking where malicious routes divert traffic without reaching and thus alerting the victims. This risk remains largely unexplored,...
Maestro 0.17.1
Maestro is a cross-platform desktop app for orchestrating your fleet of AI agents and projects. It's a high-velocity solution for hackers who are juggling multiple projects in parallel. Designed for power users who live on the keyboard and rarely touch the mouse. Collaborate with AI to create...
Faraday 5.22.0
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use...
CITADEL: CSI-Based Jamming Detection and Open-Set Classification for IIoT Networks
Radio frequency jamming poses a critical threat to the availability of wireless Industrial Internet of Things IIoT networks. Existing detection and classification techniques are poorly suited to this setting: coarse signal-strength and cross-layer features lack information richness, while raw I/Q...
CVE MCP Server 0.2.0
CVE MCP Server is a production-grade Model Context Protocol MCP server that turns Claude into a full-spectrum security analyst. Instead of juggling 15+ browser tabs across NVD, EPSS, CISA KEV, Shodan, VirusTotal, and GreyNoise, ask Claude one question and get correlated intelligence in seconds...
A Hybrid Intrusion Detection System for Electric Vehicle Charging Infrastructure
The integration of Electric Vehicle Charging Stations EVCSs into the smart grid necessitates sophisticated digital infrastructure for their management and coordination, which expands the attack surface and makes both the power grid and EVCSs vulnerable to cyberattacks. This research addresses...
Joern 4.0.562
Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...
RIFT-Bench: Dynamic Red-Teaming for Agentic AI Systems
Agentic AI systems powered by large language models LLMs are rapidly evolving into autonomous decision-making systems, exposing attack vectors beyond those of traditional LLM vulnerabilities. Existing security evaluations are often tied to specific implementations or domains, limiting unified...
PixJail: Self-Evolving Paper-To-Pipeline Reproduction for Text-To-Image Jailbreak Evaluation
As Text-to-Image T2I jailbreak techniques evolve rapidly, existing benchmarks and reproduction workflows often struggle to keep pace. More importantly, T2I jailbreak evaluation is not a single prompt-level test, but a pipeline-level problem shaped by multiple stages, including prompt...
Detecting Malicious Agent Skills in the Wild Using Attention
LLM agents increasingly load skills, file-based packages of natural-language instructions written by third parties and distributed through marketplaces, that execute with the user's privileges. A single malicious skill can exfiltrate data, hijack the agent, or persist as a supply-chain foothold,...
AI Toolchain Hijacked: IDE Plugin API Key Theft
Whitepaper called AI Toolchain Hijacked: IDE Plugin API Key Theft. The proliferation of AI-assisted development tools has substantially changed how developers configure and manage credentials in their working environment. Where a developer's IDE once contained little more than syntax highlighting...
AutoPRAC: Automating Attack Discovery for PRAC-Based Rowhammer Defenses Using Model Checkers
Per-Row Activation Counting PRAC in DDR5 is a specification to mitigate Rowhammer attacks by tracking activations per row and triggering mitigative refreshes when needed. However, the security of PRAC designs is currently evaluated using human-crafted attack patterns and we lack formal verificati...
WPProbe Plugin Enumeration Tool 0.12.1
A fast WordPress plugin and theme scanner that detects installed plugins via REST API enumeration and themes from HTML discovery, then maps them to known vulnerabilities. Over 5,000 plugins detectable without brute-force, thousands more with it...