[ { "title": "Hijacking Large Audio-Language Models via Context-Agnostic and Imperceptible Auditory Prompt Injection", "url": "https://github.com/facebookresearch/fairseq", "year": 2026, "stars": 32231, "forks": 6680, "authors": "", "github_org": "facebookresearch", "badges": "available", "last_active": "2025-09", "description": "Facebook AI Research Sequence-to-Sequence Toolkit written in Python.", "language": "Python", "conference": "SP", "area": "security" }, { "title": "PentestGPT: Evaluating and Harnessing Large Language Models for Automated Penetration Testing", "url": "https://github.com/GreyDGL/PentestGPT", "year": 2024, "stars": 13393, "forks": 2314, "authors": "Gelei Deng, Yi Liu 0069, Víctor Mayoral Vilches, Peng Liu, Yuekang Li et al.", "github_org": "GreyDGL", "badges": "Badges: Available,Functional,Reproduced", "last_active": "2026-02", "description": "Automated Penetration Testing Agentic Framework Powered by Large Language Models", "language": "Python", "conference": "USENIXSEC", "area": "security" }, { "title": "Who Can Find My Devices? Security and Privacy of Apple's Crowd-Sourced Bluetooth Location Tracking System", "url": "https://github.com/seemoo-lab/openhaystack", "year": 2021, "stars": 13004, "forks": 647, "authors": "Alexander Heinrich, Milan Stute, Tim Kornhuber, Matthias Hollick", "github_org": "seemoo-lab", "badges": "", "last_active": "2024-07", "description": "Build your own 'AirTags' 🏷 today! Framework for tracking personal Bluetooth devices via Apple's massive Find My network.", "language": "Swift", "conference": "PETS", "area": "security" }, { "title": "Automatic Wireless Protocol Reverse Engineering", "url": "https://github.com/jopohl/urh/releases/tag/v2.7.3", "year": 2019, "stars": 12438, "forks": 1005, "authors": "Johannes Pohl, Andreas Noack", "github_org": "jopohl", "badges": "Artifact Evaluated", "last_active": "2025-12", "description": "Universal Radio Hacker: Investigate Wireless Protocols Like A Boss", "language": "Python", "conference": "WOOT", "area": "security" }, { "title": "PAPILLON: Efficient and Stealthy Fuzz Testing-Powered Jailbreaks for LLMs", "url": "https://github.com/llm-attacks/llm-attacks", "year": 2025, "stars": 4685, "forks": 621, "authors": "Xueluan Gong, Mingzhe Li, Yilin Zhang, Fengyuan Ran, Chen Chen 0115 et al.", "github_org": "llm-attacks", "badges": "Badges: Available", "last_active": "2024-08", "description": "Universal and Transferable Attacks on Aligned Language Models", "language": "Python", "conference": "USENIXSEC", "area": "security" }, { "title": "A Crack in the Bark: Leveraging Public Knowledge to Remove Tree-Ring Watermarks", "url": "https://github.com/richzhang/PerceptualSimilarity", "year": 2025, "stars": 4234, "forks": 524, "authors": "Junhua Lin, Marc Juarez", "github_org": "richzhang", "badges": "Badges: Available,Functional,Reproduced", "last_active": "2024-07", "description": "LPIPS metric. pip install lpips", "language": "Python", "conference": "USENIXSEC", "area": "security" }, { "title": "Breaking the Layer Barrier: Remodeling Private Transformer Inference with Hybrid CKKS and MPC", "url": "https://github.com/microsoft/SEAL", "year": 2025, "stars": 3980, "forks": 771, "authors": "Tianshi Xu, Wen-jie Lu, Jiangrui Yu, Yi Chen, Chenqi Lin et al.", "github_org": "microsoft", "badges": "Badges: Available", "last_active": "2026-05", "description": "Microsoft SEAL is an easy-to-use and powerful homomorphic encryption library.", "language": "C++", "conference": "USENIXSEC", "area": "security" }, { "title": "Differentially Private SQL with Bounded User Contribution", "url": "https://github.com/google/differential-privacy", "year": 2020, "stars": 3322, "forks": 426, "authors": "Royce J. Wilson, Celia Yuxin Zhang, William Lam, Damien Desfontaines, Daniel Simmons-Marengo et al.", "github_org": "google", "badges": "", "last_active": "2026-05", "description": "Google's differential privacy libraries.", "language": "Go", "conference": "PETS", "area": "security" }, { "title": "Differentially private partition selection", "url": "https://github.com/google/differential-privacy/blob/main/common_docs/partition_selection.md", "year": 2022, "stars": 3322, "forks": 426, "authors": "Damien Desfontaines, James Voss, Bryant Gipson, Chinmoy Mandayam", "github_org": "google", "badges": "", "last_active": "2026-05", "description": "Google's differential privacy libraries.", "language": "Go", "conference": "PETS", "area": "security" }, { "title": "Lets Move2EVM", "url": "https://github.com/move-language/move", "year": 2025, "stars": 2334, "forks": 694, "authors": "Lorenzo Benetollo, Andreas Lackner, Matteo Maffei, Markus Scherer", "github_org": "move-language", "badges": "Badges: Available,Functional,Reproduced", "last_active": "2024-05", "description": "", "language": "Rust", "conference": "USENIXSEC", "area": "security" }, { "title": "GET /out: Automated Discovery of Application-Layer Censorship Evasion Strategies", "url": "https://github.com/Kkevsterrr/geneva", "year": 2022, "stars": 2127, "forks": 205, "authors": "", "github_org": "Kkevsterrr", "badges": "", "last_active": "2023-11", "description": "automated censorship evasion for the client-side and server-side ", "language": "Python", "conference": "USENIXSEC", "area": "security" }, { "title": "VoiceWukong: Benchmarking Deepfake Voice Detection", "url": "https://github.com/QwenLM/Qwen2-Audio", "year": 2025, "stars": 2072, "forks": 165, "authors": "", "github_org": "QwenLM", "badges": "", "last_active": "2025-04", "description": "The official repo of Qwen2-Audio chat & pretrained large audio language model proposed by Alibaba Cloud.", "language": "Python", "conference": "USENIXSEC", "area": "security" }, { "title": "Introduction to Procedural Debugging through Binary Libification", "url": "https://github.com/endrazine/wcc", "year": 2024, "stars": 1991, "forks": 115, "authors": "Jonathan Brossard", "github_org": "endrazine", "badges": "Badges: Available,Functional,Reproduced", "last_active": "2026-05", "description": "The Witchcraft Compiler Collection", "language": "C", "conference": "WOOT", "area": "security" }, { "title": "Precise and Effective Gadget Chain Mining through Deserialization Guided Call Graph Construction", "url": "https://github.com/pascal-lab/Tai-e", "year": 2025, "stars": 1780, "forks": 195, "authors": "", "github_org": "pascal-lab", "badges": "", "last_active": "2026-05", "description": "An easy-to-learn/use static analysis framework for Java", "language": "Java", "conference": "USENIXSEC", "area": "security" }, { "title": "Interventional Root Cause Analysis of Failures in Multi-Sensor Fusion Perception Systems", "url": "https://github.com/autowarefoundation/autoware.universe", "year": 2025, "stars": 1643, "forks": 902, "authors": "Shuguang Wang, Qian Zhou 0008, Kui Wu 0001, Jinghuai Deng, Dapeng Wu 0001 et al.", "github_org": "autowarefoundation", "badges": "available,functional", "last_active": "2026-05", "description": "", "language": "C++", "conference": "NDSS", "area": "security" }, { "title": "Refusal Is Not an Option: Unlearning Safety Alignment of Large Language Models", "url": "https://github.com/PKU-Alignment/safe-rlhf", "year": 2025, "stars": 1603, "forks": 133, "authors": "", "github_org": "PKU-Alignment", "badges": "", "last_active": "2025-11", "description": "Safe RLHF: Constrained Value Alignment via Safe Reinforcement Learning from Human Feedback", "language": "Python", "conference": "USENIXSEC", "area": "security" }, { "title": "Corpus Christi: Establishing Replicability when Sharing the Bread is Not Allowed", "url": "https://github.com/fkie-cad/FACT_core", "year": 2025, "stars": 1443, "forks": 250, "authors": "", "github_org": "fkie-cad", "badges": "available,functional,reproduced", "last_active": "2026-05", "description": "Firmware Analysis and Comparison Tool", "language": "Python", "conference": "NDSS", "area": "security" }, { "title": "Hijacking Large Audio-Language Models via Context-Agnostic and Imperceptible Auditory Prompt Injection", "url": "https://github.com/0nutation/SpeechGPT", "year": 2026, "stars": 1404, "forks": 96, "authors": "", "github_org": "0nutation", "badges": "available", "last_active": "2024-07", "description": "SpeechGPT Series: Speech Large Language Models", "language": "Python", "conference": "SP", "area": "security" }, { "title": "BlockSci: Design and applications of a blockchain analysis platform", "url": "https://github.com/citp/BlockSci", "year": 2020, "stars": 1393, "forks": 269, "authors": "", "github_org": "citp", "badges": "", "last_active": "2021-12", "description": "A high-performance tool for blockchain science and exploration", "language": "C++", "conference": "USENIXSEC", "area": "security" }, { "title": "Attacks on Approximate Caches in Text-to-Image Diffusion Models", "url": "https://github.com/poloclub/diffusiondb", "year": 2026, "stars": 1386, "forks": 79, "authors": "", "github_org": "poloclub", "badges": "", "last_active": "2024-07", "description": "A large-scale text-to-image prompt gallery dataset based on Stable Diffusion", "language": "Python", "conference": "USENIXSEC", "area": "security" }, { "title": "Trojan Source: Invisible Vulnerabilities", "url": "https://github.com/nickboucher/trojan-source/tree/e3dc153fcf465f4a84424ea874ff39be29adb1f7", "year": 2023, "stars": 1287, "forks": 267, "authors": "", "github_org": "nickboucher", "badges": "", "last_active": "2023-04", "description": "Trojan Source: Invisible Vulnerabilities", "language": "SCSS", "conference": "USENIXSEC", "area": "security" }, { "title": "How to Abuse and Fix Authenticated Encryption Without Key Commitment", "url": "https://github.com/corkami/mitra/tree/Usenix22", "year": 2022, "stars": 1277, "forks": 82, "authors": "", "github_org": "corkami", "badges": "", "last_active": "2024-12", "description": "A generator of weird files (binary polyglots, near polyglots, polymocks...)", "language": "Python", "conference": "USENIXSEC", "area": "security" }, { "title": "Disrupting Continuity of Apple’s Wireless Ecosystem Security: New Tracking, DoS, and MitM Attacks on iOS and macOS Through Bluetooth Low Energy, AWDL, and Wi-Fi", "url": "https://github.com/seemoo-lab/openwifipass", "year": 2021, "stars": 836, "forks": 34, "authors": "", "github_org": "seemoo-lab", "badges": "", "last_active": "2021-04", "description": "An open source implementation of Apple's Wi-Fi Password Sharing protocol in Python.", "language": "Python", "conference": "USENIXSEC", "area": "security" }, { "title": "From Threat to Trust: Exploiting Attention Mechanisms for Attacks and Defenses in Cooperative Perception", "url": "https://github.com/DerrickXuNu/OpenCOOD", "year": 2025, "stars": 812, "forks": 126, "authors": "", "github_org": "DerrickXuNu", "badges": "", "last_active": "2024-08", "description": "[ICRA 2022] An opensource framework for cooperative detection. Official implementation for OPV2V.", "language": "Python", "conference": "USENIXSEC", "area": "security" }, { "title": "Datalog Disassembly", "url": "https://github.com/GrammaTech/ddisasm", "year": 2020, "stars": 749, "forks": 68, "authors": "", "github_org": "GrammaTech", "badges": "", "last_active": "2026-04", "description": "A fast and accurate disassembler", "language": "C++", "conference": "USENIXSEC", "area": "security" }, { "title": "Banned Books: Analysis of Censorship on Amazon.com", "url": "https://github.com/citizenlab/chat-censorship/tree/0acb521837e64d142bbf6f627f95656f6f0d8f3e/amazon", "year": 2026, "stars": 721, "forks": 104, "authors": "", "github_org": "citizenlab", "badges": "available", "last_active": "2026-03", "description": "Data related to the investigation of realtime censorship", "language": "Lua", "conference": "PETS", "area": "security" }, { "title": "Invisible but Detected: Physical Adversarial Shadow Attack and Defense on LiDAR Object Detection", "url": "https://github.com/tier4/AWSIM", "year": 2025, "stars": 709, "forks": 151, "authors": "", "github_org": "tier4", "badges": "", "last_active": "2026-05", "description": "Open sourced digital twin simulator for Autoware", "language": "C#", "conference": "USENIXSEC", "area": "security" }, { "title": "Bluetooth Security Testing with BlueToolkit: a Large-Scale Automotive Case Study", "url": "https://github.com/sgxgsx/BlueToolkit", "year": 2025, "stars": 698, "forks": 73, "authors": "Vladyslav Zubkov, Tommaso Sacchetti, Daniele Antonioli, Martin Strohmeier", "github_org": "sgxgsx", "badges": "Badges: Available,Functional,Reproduced", "last_active": "2026-03", "description": " BlueToolkit is an extensible Bluetooth Classic vulnerability testing framework that helps uncover new and old vulnerabi", "language": "Jupyter Notebook", "conference": "WOOT", "area": "security" }, { "title": "PAPILLON: Efficient and Stealthy Fuzz Testing-Powered Jailbreaks for LLMs", "url": "https://github.com/sherdencooper/GPTFuzz", "year": 2025, "stars": 586, "forks": 84, "authors": "Xueluan Gong, Mingzhe Li, Yilin Zhang, Fengyuan Ran, Chen Chen 0115 et al.", "github_org": "sherdencooper", "badges": "Badges: Available", "last_active": "2026-02", "description": "Official repo for GPTFUZZER : Red Teaming Large Language Models with Auto-Generated Jailbreak Prompts", "language": "Python", "conference": "USENIXSEC", "area": "security" }, { "title": "Finding The Greedy, Prodigal, and Suicidal Contracts at Scale", "url": "https://github.com/MAIAN-tool/MAIAN", "year": 2018, "stars": 567, "forks": 160, "authors": "Ivica Nikolic, Aashish Kolluri, Ilya Sergey, Prateek Saxena, Aquinas Hobor", "github_org": "MAIAN-tool", "badges": "functional", "last_active": "2023-10", "description": "MAIAN: automatic tool for finding trace vulnerabilities in Ethereum smart contracts", "language": "Python", "conference": "ACSAC", "area": "security" }, { "title": "BrakTooth: Causing Havoc on Bluetooth Link Manager via Directed Fuzzing", "url": "https://github.com/Matheus-Garbelini/braktooth_esp32_bluetooth_classic_attacks", "year": 2022, "stars": 563, "forks": 97, "authors": "", "github_org": "Matheus-Garbelini", "badges": "", "last_active": "2024-08", "description": "A Series of Baseband & LMP Exploits against Bluetooth Classic Controllers", "language": "", "conference": "USENIXSEC", "area": "security" }, { "title": "Inference Attacks Against Graph Generative Diffusion Models", "url": "https://github.com/cvignac/DiGress", "year": 2026, "stars": 518, "forks": 106, "authors": "", "github_org": "cvignac", "badges": "", "last_active": "2025-04", "description": "code for the paper \"DiGress: Discrete Denoising diffusion for graph generation\"", "language": "Python", "conference": "USENIXSEC", "area": "security" }, { "title": "Bridging Bitcoin to Second Layers via BitVM2", "url": "https://github.com/BitVM/BitVM", "year": 2026, "stars": 511, "forks": 182, "authors": "", "github_org": "BitVM", "badges": "", "last_active": "2026-01", "description": "A Trust-minimized Bitcoin Bridge", "language": "Rust", "conference": "USENIXSEC", "area": "security" }, { "title": "AVclass2: Massive Malware Tag Extraction from AV Labels", "url": "https://github.com/malicialab/avclass", "year": 2020, "stars": 486, "forks": 118, "authors": "Silvia Sebastián, Juan Caballero", "github_org": "malicialab", "badges": "reusable", "last_active": "2024-10", "description": "AVClass malware labeling tool", "language": "Python", "conference": "ACSAC", "area": "security" }, { "title": "Frankenstein: Advanced Wireless Fuzzing to Exploit New Bluetooth Escalation Targets", "url": "https://github.com/seemoo-lab/frankenstein", "year": 2020, "stars": 462, "forks": 66, "authors": "", "github_org": "seemoo-lab", "badges": "", "last_active": "2024-02", "description": "Broadcom and Cypress firmware emulation for fuzzing and further full-stack debugging", "language": "C", "conference": "USENIXSEC", "area": "security" }, { "title": "Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86", "url": "https://github.com/FPSG-UIUC/hertzbleed/releases/tag/usenix2022ae", "year": 2022, "stars": 453, "forks": 49, "authors": "", "github_org": "FPSG-UIUC", "badges": "", "last_active": "2022-09", "description": "", "language": "Python", "conference": "USENIXSEC", "area": "security" }, { "title": "LLAMA: A Low Latency Math Library for Secure Inference", "url": "https://github.com/mpc-msri/EzPC/tree/master/FSS", "year": 2022, "stars": 447, "forks": 139, "authors": "Kanav Gupta, Deepak Kumaraswamy, Nishanth Chandran, Divya Gupta 0001", "github_org": "mpc-msri", "badges": "", "last_active": "2026-04", "description": "", "language": "C++", "conference": "PETS", "area": "security" }, { "title": "CustomProcessingUnit: Reverse Engineering and Customization of Intel Microcode", "url": "https://github.com/pietroborrello/CustomProcessingUnit", "year": 2023, "stars": 414, "forks": 27, "authors": "", "github_org": "pietroborrello", "badges": "ORO", "last_active": "2023-03", "description": "The first analysis framework for CPU microcode", "language": "C", "conference": "WOOT", "area": "security" }, { "title": "CertTA: Certified Robustness Made Practical for Learning-Based Traffic Analysis", "url": "https://github.com/locuslab/smoothing", "year": 2025, "stars": 412, "forks": 80, "authors": "", "github_org": "locuslab", "badges": "", "last_active": "2019-05", "description": "Provable adversarial robustness at ImageNet scale", "language": "Python", "conference": "USENIXSEC", "area": "security" }, { "title": "CertTA: Certified Robustness Made Practical for Learning-Based Traffic Analysis", "url": "https://github.com/ymirsky/Kitsune-py", "year": 2025, "stars": 386, "forks": 114, "authors": "", "github_org": "ymirsky", "badges": "", "last_active": "2026-03", "description": "A network intrusion detection system based on incremental statistics (AfterImage) and an ensemble of autoencoders (KitNE", "language": "Python", "conference": "USENIXSEC", "area": "security" }, { "title": "Blind Backdoors in Deep Learning Models", "url": "https://github.com/ebagdasa/backdoors101/releases/tag/v1.0", "year": 2021, "stars": 381, "forks": 85, "authors": "", "github_org": "ebagdasa", "badges": "", "last_active": "2023-02", "description": "Backdoors Framework for Deep Learning and Federated Learning. A light-weight tool to conduct your research on backdoors.", "language": "Python", "conference": "USENIXSEC", "area": "security" }, { "title": "Revealing the Dark Side of Smart Accounts: An Empirical Study of EIP-7702 Incurred Risks in Blockchain Ecosystem", "url": "https://github.com/nevillegrech/gigahorse-toolchain", "year": 2026, "stars": 373, "forks": 76, "authors": "", "github_org": "nevillegrech", "badges": "", "last_active": "2026-05", "description": "A binary lifter and analysis framework for Ethereum smart contracts", "language": "HTML", "conference": "USENIXSEC", "area": "security" }, { "title": "Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing", "url": "https://github.com/fuzzware-fuzzer/fuzzware/releases/tag/sec22-ae-accepted", "year": 2022, "stars": 371, "forks": 71, "authors": "", "github_org": "fuzzware-fuzzer", "badges": "", "last_active": "2025-12", "description": "Fuzzware's main repository. Start here to install.", "language": "Python", "conference": "USENIXSEC", "area": "security" }, { "title": "A Crack in the Bark: Leveraging Public Knowledge to Remove Tree-Ring Watermarks", "url": "https://github.com/YuxinWenRick/tree-ring-watermark", "year": 2025, "stars": 357, "forks": 53, "authors": "Junhua Lin, Marc Juarez", "github_org": "YuxinWenRick", "badges": "Badges: Available,Functional,Reproduced", "last_active": "2024-03", "description": "", "language": "Python", "conference": "USENIXSEC", "area": "security" }, { "title": "Cracking Federated Privacy: Initialization-Resilient Gradient Inversion with Fine-Grained Reconstruction", "url": "https://github.com/JonasGeiping/breaching", "year": 2026, "stars": 320, "forks": 72, "authors": "", "github_org": "JonasGeiping", "badges": "", "last_active": "2026-01", "description": "Breaching privacy in federated learning scenarios for vision and text", "language": "Python", "conference": "USENIXSEC", "area": "security" }, { "title": "A Deep Dive into Function Inlining and its Security Implications for ML-based Binary Analysis", "url": "https://github.com/Cisco-Talos/binary_function_similarity", "year": 2026, "stars": 310, "forks": 37, "authors": "", "github_org": "Cisco-Talos", "badges": "available,functional", "last_active": "2024-07", "description": "", "language": "Jupyter Notebook", "conference": "NDSS", "area": "security" }, { "title": "Unicorefuzz: On the Viability of Emulation for Kernelspace Fuzzing", "url": "https://github.com/fgsect/unicorefuzz", "year": 2019, "stars": 305, "forks": 33, "authors": "Dominik Christian Maier, Benedikt Radtke, Bastian Harren", "github_org": "fgsect", "badges": "Artifact Evaluated", "last_active": "2023-01", "description": "Fuzzing the Kernel Using Unicornafl and AFL++", "language": "Python", "conference": "WOOT", "area": "security" }, { "title": "RusTEE: Developing Memory-Safe ARM TrustZone Applications", "url": "https://github.com/sccommunity/rust-optee-trustzone-sdk", "year": 2020, "stars": 276, "forks": 79, "authors": "Shengye Wan, Mingshen Sun, Kun Sun 0001, Ning Zhang 0017, Xu He", "github_org": "sccommunity", "badges": "reusable", "last_active": "2026-05", "description": "Teaclave TrustZone SDK enables safe, functional, and ergonomic development of trustlets.", "language": "Rust", "conference": "ACSAC", "area": "security" }, { "title": "GoFetch: Breaking Constant-Time Cryptographic Implementations Using Data Memory-Dependent Prefetchers", "url": "https://github.com/FPSG-UIUC/GoFetch/releases/tag/usenix2024ae", "year": 2024, "stars": 273, "forks": 22, "authors": "", "github_org": "FPSG-UIUC", "badges": "", "last_active": "2024-06", "description": "GoFetch: Breaking Constant-Time Cryptographic Implementations Using Data Memory-Dependent Prefetchers -- USENIX Security", "language": "C", "conference": "USENIXSEC", "area": "security" }, { "title": "FANS: Fuzzing Android Native System Services via Automated Interface Analysis", "url": "https://github.com/iromise/fans", "year": 2020, "stars": 265, "forks": 44, "authors": "", "github_org": "iromise", "badges": "", "last_active": "2020-09", "description": "FANS: Fuzzing Android Native System Services", "language": "C++", "conference": "USENIXSEC", "area": "security" } ]