Skip to content

Instantly share code, notes, and snippets.

Deniz Adrian zined

Block or report user

Report or block zined

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@zined
zined / 20200114-TLP-WHITE_CVE-2020-0601.md
Created Jan 16, 2020 — forked from SwitHak/20200114-TLP-WHITE_CVE-2020-0601.md
BlueTeam CheatSheet * CVE-2020-0601 * crypt32.dll | Last updated: 2020-01-16 1758 UTC
View 20200114-TLP-WHITE_CVE-2020-0601.md

CVE-2020-0601 AKA ChainOfFools

General

  • Microsoft disclosed a vulnerability in their monthly Patch Tuesday referenced under CVE-2020-0601.
  • The vulnerability was discovered by the U.S. National Security Agency, anounced today (2020-01-14) in their press conference, followed by a blog post and an official security advisory.
  • The flaw is located in the "CRYPT32.DLL" file under the C:\Windows\System32\ directory.

Vulnerability explanation

  • NSA description:
  • NSA has discovered a critical vulnerability (CVE-2020-0601) affecting Microsoft Windows® cryptographic functionality.
@zined
zined / Insomnihack_Teaser_2017_winworld_exploit.py
Created Jan 7, 2019 — forked from j00ru/Insomnihack_Teaser_2017_winworld_exploit.py
Insomni'hack Teaser 2017 "winworld" exploit by Mateusz "j00ru" Jurczyk
View Insomnihack_Teaser_2017_winworld_exploit.py
# Insomni'hack Teaser 2017 "winworld" task exploit
#
# Author: Mateusz "j00ru" Jurczyk
# Date: 21 January 2017
#
import os
import random
import string
import sys
import struct
@zined
zined / get_aws_saml_token.sh
Created May 6, 2017 — forked from lantrix/get_aws_saml_token.sh
How to request SAML assertion from ADFS for Amazon Web Services using curl
View get_aws_saml_token.sh
curl https://youradfsserver.com.au/adfs/services/trust/13/usernamemixed --data @aws_saml_request.xml -H "Content-Type: application/soap+xml" --verbose -o "saml.xml"
@zined
zined / aws_saml_request.xml
Created May 6, 2017 — forked from lantrix/aws_saml_request.xml
SOAP request for a SAML token for Amazon Web Services from an ADFS SOAP endpoint
View aws_saml_request.xml
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:a="http://www.w3.org/2005/08/addressing"
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</a:Action>
<a:To s:mustUnderstand="1">https://youradfsserver.com.au/adfs/services/trust/13/usernamemixed</a:To>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:UsernameToken u:Id="uuid-6a13a244-dac6-42c1-84c5-cbb345b0c4c4-1">
<o:Username>user@domain.com.au</o:Username>
<o:Password>password</o:Password>
You can’t perform that action at this time.