6819 matches found
MASCOT-Android: A Curated Dataset and Automated Collection Pipeline for Android Malware Source Code Specimens
Compared with binaries and decompiled code, malware source code more directly reflects the attackers' original intent. However, the scarcity of source code and the high cost of manual review make such datasets difficult to build and maintain. We propose MASCOT-Android, a curated dataset of Androi...
Binary Decompilation LLM with Feedback-Driven Multi-Turn Refinement
Binary decompilation is fundamental to security tasks such as vulnerability discovery, malware inspection, and executable-only program understanding. Recent LLM-based decompilation methods have shown promising results, but most still follow a single-turn generation paradigm: given assembly code o...
Obliv-Clang: Real-World Oblivious Programming in C++
Side-channel vulnerabilities, particularly timing and access-pattern-based attacks, have become critical issues for confidential data processing in trusted environments. Oblivious programming is an effective approach to alleviate these attacks by making program execution not leak any secret throu...
AttackonCTF: Defending Hardware Security Competition Benchmarks in the Age of LLMs
Hardware security competitions such as HackTheSilicon serve as benchmarking platforms for evaluating vulnerability detection methods and for training humans and AI. However, our study reveals that LLMs threaten their validity. Instead of genuine security reasoning, detectors exploit a diff-style...
The Audit Gap in Blockchain Security: A Four-Year Empirical Study of Public Audit Findings and Real-World Exploit Incidents
This paper presents an empirical analysis of the Web3 security landscape over the four-year and three-month period from 1 January 2022 to 27 March 2026. The dataset combines 23,818 public audit findings produced by 22 independent security firms with 218 real-world exploit incidents documented by...
Data-Centric Benchmarking of Exploit Generation in LLMs: Understanding the Impact of Fine-Tuning
We study the task of CVE-conditioned exploit generation, where a model drafts proof-of-concept PoC exploits given software vulnerability context. We adopt a data-centric approach, constructing a high-quality dataset via multi-stage preprocessing and introducing a scalable evaluation framework wit...
LLM: LSTM Look-Ahead Moving Target Defense Based on Historical Malicious Scan
Network scanning is a critical preliminary step for most adversaries to gain essential information before launching cyber attacks. Moving Target Defense MTD based on IP shuffling has emerged as a proactive defense strategy to counteract these reconnaissance efforts. Unlike static, reactive defens...
HTTP/2 Exposure Auditor
The script safely evaluates HTTP/2 exposure by negotiating ALPN, initiating a minimal HTTP/2 session, collecting server SETTINGS frames, and identifying potentially permissive protocol configurations. It avoids stream amplification, flooding behavior, connection fan-out, and sustained resource...
Evaluating LLMs for Obfuscation Detection and Classification in Android Apps
Android applications apps developers increasingly rely on code obfuscation techniques to hinder reverse engineering and protect intellectual property. However, obfuscation also reduces the effectiveness of static analysis and vulnerability detection tools, creating challenges for Android security...
Detecting Bot Detection: Prevalence, Techniques, and Implications for Web Measurement Research
Browser automation frameworks are essential tools for security and privacy research on the web, yet bot detection scripts increasingly probe their artifacts, threatening measurement validity as automated browsers may be blocked or served different content. Prior work measures detection deployment...
Investigating Metamorphic Fuzz Oracle Enhancement Via Large Language Models
Fuzz drivers are essential components of greybox fuzzing, as they encapsulate target interfaces, define test spaces, and largely determine fuzzing effectiveness. Existing fuzz drivers typically rely on crash-based oracles for security testing, overlooking library functionality and limiting bug...
Palo Alto GlobalProtect TLS Posture Scanner
This Metasploit auxiliary module is structured as a defensive assessment tool focused on TLS posture analysis and service identification for GlobalProtect deployments...
FreeType Automated Font Corpus Scanner
This Python framework implements a structured font-analysis pipeline for large-scale robustness testing of FreeType font parsing behavior...
Breaking TinyML: Why Quantized Neural Networks Need Domain-Specific Security Analysis
Most TinyML hardware accelerators focus on supporting Quantized Neural Networks QNNs to meet stringent constraints on power consumption and size. Despite this, the security aspects of quantization within TinyML hardware remain largely unexplored. Although previous studies indicate that QNNs...
Security Engineering of OpenClaw: Analyzing Attack Surface Expansion and Trust-Boundary Violations
Agentic large language model LLM systems can now execute actions, not only produce text. When model outputs trigger privileged operations such as shell commands, browser automation, or external tool calls, the security problem shifts from alignment alone to system configuration and structural...
Security Threats and Their Impact on Blockchain Interoperability: Identification and Countermeasures
Blockchain interoperability enables independent blockchain systems to communicate and exchange assets across heterogeneous networks. However, the lack of comprehensive security mechanisms remains a critical weakness -- one that attackers have already exploited to cause hundreds of millions of...
FreeType Contour Boundary Validation Utility
This is a FreeType contour boundary validation utility for detecting indexing and integer-limit risks. It implements a validation routine for detecting unsafe contour metadata conditions by evaluating contour counts and index boundaries against expected limits...
Giving AI a Headache: Acoustic Adversarial Attacks to Computer Vision Applications
Artificial Intelligence AI is increasingly used to automate a variety of real-world computer vision CV applications, such as autonomous vehicle control, facial recognition, and security cameras. Recent research has shown that acoustic vibration can induce real physical motion in cameras,...
FortiSandbox Endpoint Validation Tool
This Python script is a utility designed to evaluate the exposure and configuration state of a FortiSandbox deployment through publicly reachable management endpoints...
Joern 4.0.557
Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...
FreeType Experimental TrueType Glyph Construction
This Python code outlines an experimental framework for constructing synthetic TrueType font structures intended for studying parser behavior, glyph-processing logic, and edge-case handling within font-rendering pipelines...
Security in a Workflow: Exploring Role-Based Agentic Architectures for Vulnerability Handling
Secure software engineering in practice is a multi-stage workflow involving vulnerability analysis, remediation, and fix verification. However, current LLM-based software security approaches often focus on isolated tasks such as detection or patch generation, with limited attention to agentic...
Ultra-Broadband Anti-Jamming Communication Via a Rydberg Atomic Receiver
Ultra-broadband anti-jamming communication represents a promising approach to secure and robust information transfer through spread-spectrum techniques, effectively combatting malicious interference and eavesdropping. Rydberg atoms, enhanced by waveguide coupling, facilitate ultra-broadband...
WatchGuard FireboxV LDAP Race Condition
WatchGuard FireboxV with firmware version 12.11.6 Build B728370 suffers from a race condition in rscryptosetupldapserver libpkicli.so that allows two concurrently-processed IKEv1 Aggressive Mode packets to trigger a double-free and use-after-Free on the global LDAP connection handle. The research...
Falco 0.44.1
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco...
The Emergence of Autonomous Penetration Capabilities in Large Language Model-Powered AI Systems
Nowadays, the autonomous execution of cyberattacks capable of causing substantial real-world harm is widely regarded as one of the critical red lines that frontier AI systems must not cross. Within this broader red-line scenario, autonomous penetration represents a core enabling capability and...
DNGBehaviorAnalyzer Telemetry-Based DNG/TIFF Metadata Parser and Anomaly Detection
This Python script provides a telemetry-driven analysis framework for inspecting Digital Negative DNG files through low-level TIFF metadata parsing and runtime event logging. The tool reads and validates TIFF headers, traverses Image File Directory IFD entries, and records parser activity using...
Safety-Contract Graph Multi-Agent Reinforcement Learning for Autonomous Network Security Response
Autonomous network-security response systems promise to reduce Security Operations Centre SOC reaction latency, but reward-only multi-agent reinforcement learning MARL can improve security reward while remaining non-deployable. We present a safety-contract graph MARL framework and instantiate it ...
ASN.1-Compliant CLDAP Validator
This Metasploit module implements a production-grade CLDAP LDAP over UDP validator that strictly follows ASN.1 BER encoding rules. It builds compliant LDAP search requests for Netlogon verification using carefully structured BER encoders for integers, strings, sequences, and filters. It can be us...
Crypto X AI, AI X Crypto: A Survey
The intersection of crypto x AI is spawning papers, products, online posts, and companies. All the surrounding buzz, though, obscures what exactly has been done, what the opportunities and challenges are, and what open questions deserve attention. This survey paper asks what AI can do for...
LNTest: A Testbed for Evaluating Bitcoin Lightning Network-Based Botnets
Bitcoin's Lightning Network LN can be exploited as a covert, low-cost command-and-control C&C channel for botnets, as demonstrated by the LNBot and D-LNBot designs. However, both remain proof-of-concept prototypes evaluated only through simulation, leaving key questions about real-world topology...
Information Flow Paths from RTL Traces
Security validation is an important yet challenging part of the hardware design process, yet, by convention, validation engineers are tasked with defining the threat model, specifying the relevant security properties, detecting any violations of those properties, and assessing the consequences to...
Pseudonym Scheme Based on Hybrid Certificates for Security Credential Management System in Vehicular Communications
In recent years, the Institute of Electrical and Electronics Engineers IEEE and the European Telecommunications Standards Institute ETSI have developed a series of security communication standards for vehicular communications. These standards include mechanisms such as the Security Credential...
Chatwoot Scanner
This is a security assessment tool designed to evaluate authentication status, response behavior, and possible exposure indicators in Chatwoot conversation filtering functionality...
Side-Channel Attacks Bypass Protection in 3D Printers
Active Motor Noise Cancellation AMNC ships in commercial fused deposition modeling FDM 3D printers as a hardware countermeasure against acoustic side-channel attacks that target intellectual property IP. We present the first empirical evaluation of a deployed AMNC countermeasure, using a public...
VS Code Extension Persistence
This Metasploit module installs a malicious VS Code extension into the target's VS Code extensions directory. The extension executes the payload each time VS Code is launched, providing persistent code execution. Supports VS Code, VS Code Insiders, VSCodium, VS Code Server, and Cursor. Tested...
ViPER: Vision-Based Packing-Aware Encoder for Robust Malware Detection
Visualization-based malware detection maps raw binary bytes to grayscale images and applies learned visual classifiers, providing an evasion-resistant and disassembly-free alternative to conventional analysis pipelines. However, executable packing remains a critical failure mode: packed binaries...
DIG: Oracle-Guided Directed Input Generation for One-Day Vulnerabilities
One-day vulnerabilities pose significant risks due to delayed or incomplete patch adoption. Generating proof-of-concept PoC inputs is therefore essential for assessing real-world impact. The key challenge is identifying necessary constraints for triggering the vulnerability and solving them...
Craft CMS Authorization and Migration Endpoint Exposure Tool
This is an assessment utility designed to evaluate potential exposure related to authorization handling and migration endpoint accessibility in Craft CMS deployments...
DNGInspector Structural Analyzer for DNG/TIFF Metadata and IFD Anomaly Detection
This Python script implements a static inspection tool for Digital Negative DNG files by parsing the TIFF-based header and analyzing Image File Directory IFD entries for structural anomalies. The tool validates basic header fields, traverses IFD records, and flags suspicious metadata patterns suc...
MAStrike: Shapley-Guided Collusive Red-Teaming on Multi-Agent Systems
Hierarchical multi-agent systems MAS are rapidly being deployed in high-stakes workflows across domains such as finance and software engineering. In these systems, safety and security are inherently distributed across role-specialized agents, significantly expanding the attack surface, particular...
RTL-Arrow: Hardware-To-Cloud Bridge
Hardware Security at Willamette is a Willamette University affiliated research group studying the hardware-software interface of security critical services. Within our program, we noticed many researchers spent considerable development time learning to understand and manually parse...
Defending the Core: A Centrality-Based Protection Strategy for Supply Chain Security in Npm Dependency Network
The modern software supply chain, taking Node Package Manager npm dependency network for example, relies heavily on shared open-source dependencies. While this promotes rapid development, it introduces systemic vulnerabilities as well. Concerning this potential risk, we analyze the npm dependency...
DNG Generator for Floating-Point Edge Cases and Image Processing Robustness Testing
This C program implements an experimental TIFF/DNG file generator intended for studying how image-processing pipelines respond to unusual metadata combinations and extreme floating-point conditions...
Joern 4.0.556
Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...
ngxray Vulnerability Scanner
ngxray is a static vulnerability scanner for nginx configurations. It parses configs with nginx's own tokenizer and matches against declarative JSON rules to detect known CVEs in rewrite/script engine directive patterns...
FortiSandbox Exposure Scanner
This Metasploit auxiliary scanner module performs passive exposure assessment of FortiSandbox deployments by identifying platform fingerprints, collecting publicly accessible version metadata, and evaluating API exposure levels without using exploit functionality. The module validates whether a...
Font Generator for Embedded Bitmap and Color Glyph Pipeline Robustness Testing
This Python program constructs a handcrafted TrueType font file that combines multiple font subsystems - including embedded bitmap tables, color glyph definitions, glyph mapping structures, and minimal layout metadata - into a single synthetic test artifact...
SEVRA-BENCH: Social Engineering of Vulnerabilities in Review Agents
Large language model LLM reviewers are increasingly used in pull-request PR workflows, where their approvals help decide which code is merged into a repository. This raises a question that benchmarks for static vulnerability detection or code generation do not address: can an automated reviewer...
ACPM Concurrent Transfer Stress Tester for Channel Synchronization Validation
This C program is a multi-threaded concurrency reproducer intended to stress-test concurrent invocations of acpmdoxfer against the same ACPM channel in order to observe synchronization behavior, race conditions, error handling, and driver stability under contention...