6803 matches found
Wertheim SafeController Hardware for VAULT ROOMS Missing Crypto / Insufficient TLS
Wertheim SafeController Hardware for VAULT ROOMS suffers from a lack of cryptographic protection, insufficient TLS encryption, and an undisclosed vulnerability. Affected versions include the Controller 65000 with AssemblyVersion 6.11.8130.22319 and Controller 5400 with AssemblyVersion...
Apache 2.4.66 HTTP/2 mod_http2 Web Server Fingerprinting / Risk Checker
Simple python script that extracts a webserver version and notes if it's Apache 2.4.66 or if the version isn't disclosed...
Apache 2.4.66 HTTP/2 mod_http2 Double-Free Denial of Service
This script is a multi-mode security tool that triggers a denial of service against Apache HTTP Server version 2.4.66 related to a double-free condition in HTTP/2 handling...
DoubtProbe: Black-Box Jailbreak Defense Via Structural Verification and Semantic Auditing
As large language models LLMs are increasingly deployed in user-facing systems, black-box jailbreak defense has become an important practical problem. Existing defenses often rely on known-attack coverage, prompt-level semantic judgment, or local runtime control, yet these paths can become unstab...
Your Privacy My Cloak: Backdoor Attacks on Differentially Private Federated Learning
Prior research suggests that differential privacy DP inherently enhances the robustness of federated learning FL against backdoor attacks. In this paper, we challenge this assumption. Through an empirical analysis of two baseline attack strategies, we uncover a fundamental tension in DP-FL: while...
SoK: Security and Privacy of Foundation-Model-Powered Robots
Foundation models are reshaping robotics by enabling robots to interpret open-ended instructions, reason over multimodal contexts, and operate in complex, open-world environments. However, their integration also introduces security and privacy S&P risks that extend beyond the FMs themselves to...
ARVO: Atlas of Reproducible Vulnerabilities for Open-Source Software
Achieving reproducibility, quantity, and diversity in vulnerability datasets has long been viewed as an inherent three-way trade-off, where improving one dimension often comes at the cost of the others. In practice, reproducibility has been the dimension most often neglected. This has limited wha...
MIPSBLEED: Uncovering Microarchitectural Timing Leaks in Pervasive Embedded Processors
Despite their age, MIPS processors remain deeply embedded in routers, industrial controllers, and IoT systems, yet their security against modern side-channel attacks has received little attention. This paper exposes how Simultaneous Multithreading SMT, a feature increasingly used to boost...
FreeType Scanner for Structural Anomaly Detection
This Python utility implements a heuristic analysis framework for inspecting TrueType glyph metadata and identifying structurally unusual or potentially problematic glyph configurations...
Joern 4.0.558
Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...
FreeType Glyph Parallel Range Scanner for Font Parsing Stability Testing
This Python tool performs automated glyph parsing validation across a configurable range of glyph indices within a font file using FreeType bindings. It loads the target font, extracts metadata such as family name, style, and glyph count, then iteratively tests glyph loading operations using...
WordPress GravityForms Intrusion Detection System
This Python script implements a lightweight Intrusion Detection System IDS designed to monitor and analyze HTTP requests related to Gravity Forms in WordPress environments...
FreeType SHZ Patch Validation Harness for Safe Glyph Processing Verification
This C validation tool is designed to verify that a security fix for a suspected SHZ-related vulnerability in the FreeType TrueType interpreter behaves correctly after patching...
FreeType SHZ Heap Buffer Overflow Verification Tool
This C proof of concept is designed to validate the presence of a potential heap buffer overflow in the TrueType bytecode interpreter of the FreeType library. The program initializes FreeType, loads a user-supplied modified TrueType font file, explicitly enables the interpreter mode, and attempts...
Di5Guise: 5G Privacy with VSIM
SIM cards have been the key building block of user authenticationand security in cellular networks. While they are meant to serve as privacy protecting elements in cellular communications, they can be the root cause of privacy loss. Current eSIMs come with a fixed device profile--comprising a...
SoK: AI-Augmented Binary Reversing
Binary reversing is fundamental to software understanding, vulnerability discovery, malware investigation, and firmware auditing. However, it remains inherently challenging due to the irreversible loss of semantic information during compilation. Recent advances in machine learning, large language...
SoK: Taxonomizing the Low-Level Attack Surface of Modern Web Browsers
The web browser remains one of the most exposed remote attack surfaces on end-user systems, and memory-corruption flaws continue to play a central role in real-world browser exploitation. Despite a decade of intensive browser testing and bug-disclosure efforts, the community still lacks an...
Graph Neural Networks at War: Integrating Cybersecurity and Drone Intelligence in the Israeli-Iranian Conflict
Physical cyber systems have brought about new threats and challenges in detection and immediate response. This study examines how Graph Neural Networks GNNs can be used to aid cybersecurity and drone management in a physical cyber system comprising of cyber intrusions and unmanned aerial vehicles...
A Data-Driven Security Quantification Framework for IoT-Based Systems
The Internet of Things IoT is integral to modern cyber-physical systems. Quantitative cybersecurity assessment in IoT environments remains challenging due to heterogeneous system architectures, evolving threat landscapes, and the limited availability of reliable probabilistic exploitability data...
From Third-Party to First-Party: Measuring and Protecting against Modern Web Tracking Mechanisms
Web user tracking has always been a cat-and-mouse game between privacy-conscious users and trackers. Recently, this conflict has driven a shift from third-party tracking toward first-party tracking FPT and server-side tracking SST. By relocating tracking logic to the browser's first-party context...
YARA-X 1.18.0
YARA-X is a re-incarnation of YARA, a pattern matching tool designed with malware researchers in mind. This new incarnation intends to be faster, safer and more user-friendly than its predecessor. The ultimate goal of YARA-X is replacing YARA as the default pattern matching tool for malware...
FreeType SHZ 2.14.3 Font Parsing Analyzer for Glyph Stability Assessment
This Python script performs basic robustness testing of font parsing behavior using the FreeType bindings by loading a target font and iterating through a large set of glyph indices. For each glyph, it attempts non-scaled and non-hinted glyph loading while collecting exceptions that may indicate...
BGP Health Check Scanner
This Ruby script implements a lightweight network scanner for basic health verification of a BGP service. It connects to a target TCP port default 179 and performs a minimal, non-exploitative handshake using simplified BGP OPEN and KEEPALIVE messages based on the protocol structure used by the BI...
Maestro 0.17.0
Maestro is a cross-platform desktop app for orchestrating your fleet of AI agents and projects. It's a high-velocity solution for hackers who are juggling multiple projects in parallel. Designed for power users who live on the keyboard and rarely touch the mouse. Collaborate with AI to create...
FreeType Glyph Loader for Font Parsing Validation
This Python script uses the FreeType bindings to load and inspect a specified TrueType font file and test glyph parsing behavior for a chosen glyph index. It initializes a font face, displays basic metadata such as the font family name and glyph count, then attempts to load a target glyph using...
How Much Can We Trust LLM Search Agents? Measuring Endorsement Vulnerability to Web Content Manipulation
Large language model LLM-based search agents synthesize open-web content into actionable recommendations on behalf of users, creating a risk that attacker-published pages are transformed into endorsed claims. We introduce SearchGEO, a controlled evaluation framework for measuring endorsement...
Transferable Self-Evolving Playbooks for Agentic Security Auditing
An LLM agent for vulnerability discovery and validation is more than a model. It combines three components: an LLM for code analysis, an agent harness such as Codex or OpenCode for navigation, tool use, and execution, and an audit playbook, domain-specific procedural knowledge that guides the LLM...
Scalable Malware Family Classification Using Quantum Kernel Based Machine Learning
The classification of malware families is a key challenge in cybersecurity, which enables threat attribution, analysis of attack operations, and the formulation of effective defense strategies. Emerging malware samples are becoming increasingly structurally similar and obfuscated, making accurate...
Dynamic Malicious Skills in Agentic AI
Skills are a key enabling component of agentic AI. While they enhance agents' capabilities, they also introduce new attack surfaces. In this work, we investigate one such attack surface by demonstrating dynamic malicious skills. By embedding malicious instructions in natural-language documentatio...
SPARK: Security Knowledge Priming and Representation-Guided Knowledge Activation for LLM-Based Secure Code Generation
Large language models routinely generate code with exploitable security flaws. Prior literature attributes this limitation to a lack of security expertise, steering current defense mechanisms toward heavy fine-tuning or external knowledge retrieval, which introduces significant computational...
Measurement Study of Post-Quantum Readiness of Internet: 2026
The emergence of quantum computing presents a fundamental challenge to the security of current Internet communication systems. Transport Layer Security TLS, which forms the backbone of secure web communication, predominantly relies on classical public-key cryptographic algorithms such as RSA and...
FuseChain: Runtime Evidence Reconstruction for Software Supply-Chain Attacks
Software supply-chain SSC attacks are increasingly multi-stage, cross-source, and temporally distributed. A single attack campaign may leave weak and fragmented traces across multi-source telemetry that captures different granularities and perspectives of runtime behavior. Existing runtime...
Snyk VulnBench JS 1.0: Can LLMs Find the Same Bugs Twice?
We ran 300 repeated vulnerability-finding scans to measure how repeatable agentic large language model LLM security review is on the same JavaScript code, prompt, and benchmark harness. The headline result is that LLM security findings were unevenly repeatable: reference-matched findings were...
SkillVetBench: LLM-As-Judge for Multi-Dimensional Security Risk Evaluation in Open-Source LLM Agent Skills
Open-source LLM agent ecosystems are growing rapidly, yet the security of community-contributed skills - modular tool definitions that extend agent capabilities - remains largely unvetted. The gap we fill: existing scanners operate at the code layer and are structurally blind to instruction-layer...
Binary Decompilation LLM with Feedback-Driven Multi-Turn Refinement
Binary decompilation is fundamental to security tasks such as vulnerability discovery, malware inspection, and executable-only program understanding. Recent LLM-based decompilation methods have shown promising results, but most still follow a single-turn generation paradigm: given assembly code o...
Obliv-Clang: Real-World Oblivious Programming in C++
Side-channel vulnerabilities, particularly timing and access-pattern-based attacks, have become critical issues for confidential data processing in trusted environments. Oblivious programming is an effective approach to alleviate these attacks by making program execution not leak any secret throu...
MASCOT-Android: A Curated Dataset and Automated Collection Pipeline for Android Malware Source Code Specimens
Compared with binaries and decompiled code, malware source code more directly reflects the attackers' original intent. However, the scarcity of source code and the high cost of manual review make such datasets difficult to build and maintain. We propose MASCOT-Android, a curated dataset of Androi...
AttackonCTF: Defending Hardware Security Competition Benchmarks in the Age of LLMs
Hardware security competitions such as HackTheSilicon serve as benchmarking platforms for evaluating vulnerability detection methods and for training humans and AI. However, our study reveals that LLMs threaten their validity. Instead of genuine security reasoning, detectors exploit a diff-style...
Data-Centric Benchmarking of Exploit Generation in LLMs: Understanding the Impact of Fine-Tuning
We study the task of CVE-conditioned exploit generation, where a model drafts proof-of-concept PoC exploits given software vulnerability context. We adopt a data-centric approach, constructing a high-quality dataset via multi-stage preprocessing and introducing a scalable evaluation framework wit...
LLM: LSTM Look-Ahead Moving Target Defense Based on Historical Malicious Scan
Network scanning is a critical preliminary step for most adversaries to gain essential information before launching cyber attacks. Moving Target Defense MTD based on IP shuffling has emerged as a proactive defense strategy to counteract these reconnaissance efforts. Unlike static, reactive defens...
The Audit Gap in Blockchain Security: A Four-Year Empirical Study of Public Audit Findings and Real-World Exploit Incidents
This paper presents an empirical analysis of the Web3 security landscape over the four-year and three-month period from 1 January 2022 to 27 March 2026. The dataset combines 23,818 public audit findings produced by 22 independent security firms with 218 real-world exploit incidents documented by...
HTTP/2 Exposure Auditor
The script safely evaluates HTTP/2 exposure by negotiating ALPN, initiating a minimal HTTP/2 session, collecting server SETTINGS frames, and identifying potentially permissive protocol configurations. It avoids stream amplification, flooding behavior, connection fan-out, and sustained resource...
Evaluating LLMs for Obfuscation Detection and Classification in Android Apps
Android applications apps developers increasingly rely on code obfuscation techniques to hinder reverse engineering and protect intellectual property. However, obfuscation also reduces the effectiveness of static analysis and vulnerability detection tools, creating challenges for Android security...
Detecting Bot Detection: Prevalence, Techniques, and Implications for Web Measurement Research
Browser automation frameworks are essential tools for security and privacy research on the web, yet bot detection scripts increasingly probe their artifacts, threatening measurement validity as automated browsers may be blocked or served different content. Prior work measures detection deployment...
Investigating Metamorphic Fuzz Oracle Enhancement Via Large Language Models
Fuzz drivers are essential components of greybox fuzzing, as they encapsulate target interfaces, define test spaces, and largely determine fuzzing effectiveness. Existing fuzz drivers typically rely on crash-based oracles for security testing, overlooking library functionality and limiting bug...
Palo Alto GlobalProtect TLS Posture Scanner
This Metasploit auxiliary module is structured as a defensive assessment tool focused on TLS posture analysis and service identification for GlobalProtect deployments...
Breaking TinyML: Why Quantized Neural Networks Need Domain-Specific Security Analysis
Most TinyML hardware accelerators focus on supporting Quantized Neural Networks QNNs to meet stringent constraints on power consumption and size. Despite this, the security aspects of quantization within TinyML hardware remain largely unexplored. Although previous studies indicate that QNNs...
Security Engineering of OpenClaw: Analyzing Attack Surface Expansion and Trust-Boundary Violations
Agentic large language model LLM systems can now execute actions, not only produce text. When model outputs trigger privileged operations such as shell commands, browser automation, or external tool calls, the security problem shifts from alignment alone to system configuration and structural...
Giving AI a Headache: Acoustic Adversarial Attacks to Computer Vision Applications
Artificial Intelligence AI is increasingly used to automate a variety of real-world computer vision CV applications, such as autonomous vehicle control, facial recognition, and security cameras. Recent research has shown that acoustic vibration can induce real physical motion in cameras,...
FortiSandbox Endpoint Validation Tool
This Python script is a utility designed to evaluate the exposure and configuration state of a FortiSandbox deployment through publicly reachable management endpoints...