6850 matches found
Microsoft SharePoint Privilege Escalation
This script exploits a vulnerability in Microsoft SharePoint Server allowing remote attackers to escalate privileges on affected installations. While this script focuses on elevation of privilege, attackers with malicious intent might chain this vulnerability with a remote code execution...
Confluence Broken Access Control
This script is designed to exploit the CVE-2023-22515 vulnerability in Confluence, which allows for unauthorized access to Confluence Server and Confluence Data Center instances. The vulnerability is categorized as a broken access control issue and has a CVSS base score of 10.0...
Simulation in Cybersecurity: Understanding Techniques, Applications, and Goals
Modeling and simulation are widely used in cybersecurity research to assess cyber threats, evaluate defense mechanisms, and analyze vulnerabilities. However, the diversity of application areas, the variety of cyberattacks scenarios, and the differing objectives of these simulations makes it...
Symbolic Execution in Practice: a Survey of Applications in Vulnerability, Malware, Firmware, and Protocol Analysis
Symbolic execution is a powerful program analysis technique that allows for the systematic exploration of all program paths. Path explosion, where the number of states to track becomes unwieldy, is one of the biggest challenges hindering symbolic execution's practical application. To combat this,...
Membership Inference Attack with Partial Features
Machine learning models have been shown to be susceptible to membership inference attack, which can be used to determine whether a given sample appears in the training data. Existing membership inference methods commonly assume that the adversary has full access to the features of the target...
MALRIS: Malicious Hardware in RIS-Assisted Wireless Communications
Reconfigurable intelligent surfaces RIS enhance wireless communication by dynamically shaping the propagation environment, but their integration introduces hardware-level security risks. This paper presents the concept of Malicious RIS MALRIS, where compromised components behave adversarially, ev...
CitrixBleed 2 Mass Scanner
This script is a mass scanner for the CitrixBleed 2 vulnerability...
Latent Fusion Jailbreak: Blending Harmful and Harmless Representations to Elicit Unsafe LLM Outputs
Large language models LLMs demonstrate impressive capabilities in various language tasks but are susceptible to jailbreak attacks that circumvent their safety alignments. This paper introduces Latent Fusion Jailbreak LFJ, a representation-based attack that interpolates hidden states from harmful...
WordPress Bricks 1.9.6 Remote Code Execution
This tool is designed to exploit the CVE-2024-25600 vulnerability found in the Bricks Builder plugin for WordPress versions 1.9.6 and below. The vulnerability allows for unauthenticated remote code execution on affected websites. The tool automates the exploitation process by retrieving nonces an...
Topology Generation of UAV Covert Communication Networks: a Graph Diffusion Approach with Incentive Mechanism
With the growing demand for Uncrewed Aerial Vehicle UAV networks in sensitive applications, such as urban monitoring, emergency response, and secure sensing, ensuring reliable connectivity and covert communication has become increasingly vital. However, dynamic mobility and exposure risks pose...
Zimbra Postjournal Command Execution
CVE-2024-45519 is a vulnerability in Zimbra Collaboration ZCS that allows unauthenticated users to execute commands through the postjournal service. This guide walks you through setting up a lab environment to reproduce the issue and execute the exploit...
Beyond Uniform Criteria: Scenario-Adaptive Multi-Dimensional Jailbreak Evaluation
Precise jailbreak evaluation is vital for LLM red teaming and jailbreak research. Current approaches employ binary classification e.g., string matching, toxic text classifiers, LLM-driven methods, yielding only "yes/no" labels without quantifying harm intensity. Existing multi-dimensional...
WordPress Backup Migration 1.3.7 Remote Code Execution
The Backup Migration plugin for WordPress is vulnerable to remote Code execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. An attacker can control the values passed to an include statement, leveraging that to achieve remote code execution. This...
RL-MoE: an Image-Based Privacy Preserving Approach in Intelligent Transportation System
The proliferation of AI-powered cameras in Intelligent Transportation Systems ITS creates a severe conflict between the need for rich visual data and the fundamental right to privacy. Existing privacy-preserving mechanisms, such as blurring or encryption, are often insufficient, creating an...
Performance and Storage Analysis of CRYSTALS Kyber As a Post Quantum Replacement for RSA and ECC
The steady advancement in quantum computer error correction technology has pushed the current record to 48 stable logical qubits, bringing us closer to machines capable of running Shor's algorithm at scales that threaten RSA and ECC cryptography. While the timeline for developing such quantum...
PRvL: Quantifying the Capabilities and Risks of Large Language Models for PII Redaction
Redacting Personally Identifiable Information PII from unstructured text is critical for ensuring data privacy in regulated domains. While earlier approaches have relied on rule-based systems and domain-specific Named Entity Recognition NER models, these methods fail to generalize across formats...
Quantum Circuit Benchmarking on IBM Brisbane: Performance Insights from Superconducting Qubit Models
This paper investigates quantum communication using superconducting qubits, emphasizing the simulation and control of quantum systems via IBM Brisbane quantum processor. We focus on implementing fundamental quantum gates and analyzing the evolution of entangled states, which are essential for...
Secure and Practical Quantum Digital Signatures
Digital signatures represent a crucial cryptographic asset that must be protected against quantum adversaries. Quantum Digital Signatures QDS can offer solutions that are information-theoretically IT secure and thus immune to quantum attacks. In this work, we analyze three existing practical QDS...
Incident Response Planning Using a Lightweight Large Language Model with Reduced Hallucination
Timely and effective incident response is key to managing the growing frequency of cyberattacks. However, identifying the right response actions for complex systems is a major technical challenge. A promising approach to mitigate this challenge is to use the security knowledge embedded in large...
Optimizing IoT Threat Detection with Kolmogorov-Arnold Networks (KANs)
The exponential growth of the Internet of Things IoT has led to the emergence of substantial security concerns, with IoT networks becoming the primary target for cyberattacks. This study examines the potential of Kolmogorov-Arnold Networks KANs as an alternative to conventional machine learning...
Efficient Mediated Multiparty Semi-Quantum Secret Sharing Protocol Based on Single-Qubit Reordering
Typical multiparty semi-quantum secret sharing MSQSS protocols require the dealer to possess full quantum capabilities, while the classical users usually need to perform three operations. To address this practical limitation, this paper introduces a new mediated MSQSS protocol that enables Alice,...
A Comparative Performance Evaluation of Kyber, Sntrup761, and FrodoKEM for Post-Quantum Cryptography
Post-quantum cryptography PQC aims to develop cryptographic algorithms that are secure against attacks from quantum computers. This paper compares the leading postquantum cryptographic algorithms, such as Kyber, sntrup761, and FrodoKEM, in terms of their security, performance, and real-world...
Enhancing Software Vulnerability Detection through Adaptive Test Input Generation Using Genetic Algorithm
Software vulnerabilities continue to undermine the reliability and security of modern systems, particularly as software complexity outpaces the capabilities of traditional detection methods. This study introduces a genetic algorithm-based method for test input generation that innovatively...
Semi-Supervised Supply Chain Fraud Detection with Unsupervised Pre-Filtering
Detecting fraud in modern supply chains is a growing challenge, driven by the complexity of global networks and the scarcity of labeled data. Traditional detection methods often struggle with class imbalance and limited supervision, reducing their effectiveness in real-world applications. This...
System Security Framework for 5G Advanced /6G IoT Integrated Terrestrial Network-Non-Terrestrial Network (TN-NTN) with AI-Enabled Cloud Security
The integration of Terrestrial Networks TN and Non-Terrestrial Networks NTN, including 5G Advanced/6G and the Internet of Things IoT technologies, using Low Earth Orbit LEO satellites, high-altitude platforms HAPS, and Unmanned Aerial Vehicles UAVs, is redefining the landscape of global...
Non-Omniscient Backdoor Injection with a Single Poison Sample: Proving the One-Poison Hypothesis for Linear Regression and Linear Classification
Backdoor injection attacks are a threat to machine learning models that are trained on large data collected from untrusted sources; these attacks enable attackers to inject malicious behavior into the model that can be triggered by specially crafted inputs. Prior work has established bounds on th...
Tigo Energy CCA Command Injection
This repository contains a proof of concept exploit exploit for CVE‑2025‑7769, a critical remote command injection vulnerability found in Tigo Energy CCA appliances exposing the /cgi-bin/mobileapi endpoint...
Exploring Satellite Quantum Key Distribution under Atmospheric Constraints
Satellite Quantum Key Distribution creates a pathway for secure global communication with a level of security that is peerless. However, ground-to-satellite Quantum Key Distribution links are degraded due to the atmospheric turbulence. This paper gives a numerical framework using angular spectrum...
An Overview of 7726 User Reports: Uncovering SMS Scams and Scammer Strategies
Mobile network operators implement firewalls to stop illicit messages, but scammers find ways to evade detection. Previous work has looked into SMS texts that are blocked by these firewalls. However, there is little insight into SMS texts that bypass them and reach users. To this end, we...
Secure Quantum Key Distribution Via Entangled Quantum Walkers
Quantum Key Distribution QKD is an emerging cryptographic method designed for secure key sharing. Its security is theoretically guaranteed by fundamental principles of quantum mechanics, making it a leading candidate for future communication protocols. Quantum Random Walks QRWs, on the other hand...
Log2Sig: Frequency-Aware Insider Threat Detection Via Multivariate Behavioral Signal Decomposition
Insider threat detection presents a significant challenge due to the deceptive nature of malicious behaviors, which often resemble legitimate user operations. However, existing approaches typically model system logs as flat event sequences, thereby failing to capture the inherent frequency dynami...
Drone Detection with Event Cameras
The diffusion of drones presents significant security and safety challenges. Traditional surveillance systems, particularly conventional frame-based cameras, struggle to reliably detect these targets due to their small size, high agility, and the resulting motion blur and poor performance in...
From Split to Share: Private Inference with Distributed Feature Sharing
Cloud-based Machine Learning as a Service MLaaS raises serious privacy concerns when handling sensitive client data. Existing Private Inference PI methods face a fundamental trade-off between privacy and efficiency: cryptographic approaches offer strong protection but incur high computational...
From Learning to Unlearning: Biomedical Security Protection in Multimodal Large Language Models
The security of biomedical Multimodal Large Language Models MLLMs has attracted increasing attention. However, training samples easily contain private information and incorrect knowledge that are difficult to detect, potentially leading to privacy leakage or erroneous outputs after deployment. An...
Prompt Injection Vulnerability of Consensus Generating Applications in Digital Democracy
Large Language Models LLMs are gaining traction as a method to generate consensus statements and aggregate preferences in digital democracy experiments. Yet, LLMs may introduce critical vulnerabilities in these systems. Here, we explore the impact of prompt-injection attacks targeting consensus...
AuthPrint: Fingerprinting Generative Models against Malicious Model Providers
Generative models are increasingly adopted in high-stakes domains, yet current deployments offer no mechanisms to verify the origin of model outputs. We address this gap by extending model fingerprinting techniques beyond the traditional collaborative setting to one where the model provider may a...
Optimizing Preventive and Reactive Defense Resource Allocation with Uncertain Sensor Signals
Cyber attacks continue to be a cause of concern despite advances in cyber defense techniques. Although cyber attacks cannot be fully prevented, standard decision-making frameworks typically focus on how to prevent them from succeeding, without considering the cost of cleaning up the damages...
Evaluating Selective Encryption against Gradient Inversion Attacks
Gradient inversion attacks pose significant privacy threats to distributed training frameworks such as federated learning, enabling malicious parties to reconstruct sensitive local training data from gradient communications between clients and an aggregation server during the aggregation process...
SelectiveShield: Lightweight Hybrid Defense against Gradient Leakage in Federated Learning
Federated Learning FL enables collaborative model training on decentralized data but remains vulnerable to gradient leakage attacks that can reconstruct sensitive user information. Existing defense mechanisms, such as differential privacy DP and homomorphic encryption HE, often introduce a...
Secure Development of a Hooking-Based Deception Framework against Keylogging Techniques
Keyloggers remain a serious threat in modern cybersecurity, silently capturing user keystrokes to steal credentials and sensitive information. Traditional defenses focus mainly on detection and removal, which can halt malicious activity but do little to engage or mislead adversaries. In this pape...
Privacy Risk Predictions Based on Fundamental Understanding of Personal Data and an Evolving Threat Landscape
It is difficult for individuals and organizations to protect personal information without a fundamental understanding of relative privacy risks. By analyzing over 5,000 empirical identity theft and fraud cases, this research identifies which types of personal data are exposed, how frequently...
Attack Pattern Mining to Discover Hidden Threats to Industrial Control Systems
This work focuses on validation of attack pattern mining in the context of Industrial Control System ICS security. A comprehensive security assessment of an ICS requires generating a large and variety of attack patterns. For this purpose we have proposed a data driven technique to generate attack...
atjiu pybbs 6.0.0 Cross Site Scripting
atjiu pybbs versions 6.0.0 and below suffer from a cross site scripting vulnerability...
MambaITD: an Efficient Cross-Modal Mamba Network for Insider Threat Detection
Enterprises are facing increasing risks of insider threats, while existing detection methods are unable to effectively address these challenges due to reasons such as insufficient temporal dynamic feature modeling, computational efficiency and real-time bottlenecks and cross-modal information...
Multi-Stage Knowledge-Distilled VGAE and GAT for Robust Controller-Area-Network Intrusion Detection
The Controller Area Network CAN protocol is a standard for in-vehicle communication but remains susceptible to cyber-attacks due to its lack of built-in security. This paper presents a multi-stage intrusion detection framework leveraging unsupervised anomaly detection and supervised graph learnin...
SVC 2025: the First Multimodal Deception Detection Challenge
Deception detection is a critical task in real-world applications such as security screening, fraud prevention, and credibility assessment. While deep learning methods have shown promise in surpassing human-level performance, their effectiveness often depends on the availability of high-quality a...
Isolate Trigger: Detecting and Eradicating Evade-Adaptive Backdoors
All current detection of backdoor attacks on deep learning models fall under the category of a non essential featuresNEF, which focus on fighting against simple and efficient vertical class backdoor -- trigger is small, few and not overlapping with the source. Evade-adaptive backdoor EAB attacks...
Per-Element Secure Aggregation against Data Reconstruction Attacks in Federated Learning
Federated learning FL enables collaborative model training without sharing raw data, but individual model updates may still leak sensitive information. Secure aggregation SecAgg mitigates this risk by allowing the server to access only the sum of client updates, thereby concealing individual...
Measuring the Carbon Footprint of Cryptographic Privacy-Enhancing Technologies
Privacy-enhancing technologies PETs have attracted significant attention in response to privacy regulations, driving the development of applications that prioritize user data protection. At the same time, the information and communication technology ICT sector faces growing pressure to reduce its...
Leveraging Large Language Models for SQL Behavior-Based Database Intrusion Detection
Database systems are extensively used to store critical data across various domains. However, the frequency of abnormal database access behaviors, such as database intrusion by internal and external attacks, continues to rise. Internal masqueraders often have greater organizational knowledge,...