CVE-2020-0601
HIGH | KEV | RANSOMWARE
Windows 10 and Windows Server - Certificate Spoofing via ECC Certificate Validation
Title source: LLM
Exploitation Summary
CVE-2020-0601 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021, with confirmed use in ransomware campaigns. EIP tracks 38 public exploits from researchers including Oliver Lyak, ly4k, and kudelskisecurity.
AI-analyzed exploit summary:
This exploit demonstrates CVE-2020-0601, a vulnerability in Windows CryptoAPI where an attacker can spoof ECC certificates by manipulating the generator point in the elliptic curve group. The code modifies a CA certificate's public key to create a forged certificate that appears valid.
Description
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
Exploits (38)
This exploit demonstrates CVE-2020-0601, a vulnerability in Windows CryptoAPI where an attacker can spoof ECC certificates by manipulating the generator point in the elliptic curve group. The code modifies a CA certificate's public key to create a forged certificate that appears valid.
This repository contains a proof-of-concept exploit for CVE-2020-0601 (CurveBall), a vulnerability in Windows' cryptographic validation of ECC certificates. It demonstrates how to spoof a trusted CA certificate by manipulating the generator parameter, allowing the creation of fraudulent certificates for code signing or TLS.
This repository contains a proof-of-concept exploit for CVE-2020-0601, a Windows CryptoAPI spoofing vulnerability. It includes a Python script to generate a rogue private key matching a root certificate's public key on the P-384 curve, enabling the creation of spoofed certificates.
This repository contains a proof-of-concept tool for CVE-2020-0601, which exploits a vulnerability in Windows CryptoAPI by generating an alternative private key for a given ECC certificate. The tool manipulates the EC_GROUP to set the private key to 1, effectively bypassing certificate validation.
This repository contains a proof-of-concept exploit for CVE-2020-0601, a vulnerability in Windows CryptoAPI that allows spoofing of digital signatures. The PoC generates malicious certificates that bypass validation in vulnerable systems, enabling attacks like spoofing TLS certificates and Authenticode signatures.
This repository provides a Zeek script to detect exploit attempts for CVE-2020-0601 by checking for unknown curves in certificates. It logs suspicious certificates and raises notices but does not contain exploit code.
This repository contains a proof-of-concept exploit for CVE-2020-0601, a vulnerability in Microsoft's CryptoAPI.dll that allows spoofing of ECC certificates. The Ruby scripts demonstrate how to manipulate elliptic curve parameters to forge a certificate that appears valid.
This PoC exploits CVE-2020-0601 (Curveball) by manipulating ECC certificate parameters to create a spoofed trusted certificate. It abuses CryptoAPI's handling of elliptic curve parameters to generate a fake private key that appears valid.
This repository provides a Zeek plugin to detect exploit attempts for CVE-2020-0601 by checking for unknown curves in X.509 certificates. It includes a compiled C component that interfaces with OpenSSL 1.1.1 to validate curves against known NIST prime curves.
This repository contains a proof-of-concept exploit for CVE-2020-0601, a vulnerability in Windows CryptoAPI that allows spoofing of elliptic curve cryptography (ECC) certificates. The tool generates a spoofed certificate authority (CA) key and creates a code-signing certificate that appears legitimate but is actually forged.
This repository is a curated list of links to other repositories containing PoCs and detection tools for CVE-2020-0601, a vulnerability in Windows CryptoAPI. It does not contain exploit code itself but references external projects.
This repository contains a working proof-of-concept exploit for CVE-2020-0601 (CurveBall), which leverages a vulnerability in Windows' ECC certificate validation. The exploit generates a spoofed CA certificate by manipulating the generator parameter, allowing the creation of trusted certificates for code signing or TLS.
This repository contains a proof-of-concept exploit for CVE-2020-0601, a vulnerability in the Windows CryptoAPI that allows an attacker to spoof certificates. The tool generates a malicious certificate authority (CA) with the same public key as a trusted CA, enabling man-in-the-middle attacks.
This Ruby script exploits CVE-2020-0601 (CurveBall) to generate rogue certificates that bypass Windows' certificate validation by manipulating elliptic curve parameters. It can create code-signing or TLS certificates to spoof trusted CAs.
The repository contains only a README.md file mentioning CVE-2020-0601, a remote code execution vulnerability in Citrix ADC and Gateway, but lacks any actual exploit code or technical details.
This PoC exploits CVE-2020-0601 (CurveBall) by generating a rogue ECC certificate that bypasses Microsoft CryptoAPI's signature validation. It manipulates elliptic curve parameters to create a certificate with the same public key as a legitimate one, enabling spoofing attacks.
This repository contains resources related to the detection of CurveBall (CVE-2020-0601), a vulnerability in Windows CryptoAPI. It references an external article for further details but does not include exploit code or a proof-of-concept.
This repository provides a proof-of-concept for CVE-2020-0601, a vulnerability in Windows CryptoAPI (Crypt32.dll) that allows spoofing of code-signing certificates. It includes steps to create a malicious PKCS12 file and sign an executable, demonstrating the vulnerability.
This repository contains a Python-based proof-of-concept exploit for CVE-2018-20250, which targets a path traversal vulnerability in WinRAR. The exploit leverages a maliciously crafted ACE archive to extract files to arbitrary locations on the system.
This repository provides a PowerShell script to check and patch systems for CVE-2020-0601 (Curveball vulnerability in Windows 10). It downloads and applies cumulative updates for affected versions.
This repository is a curated collection of resources, blogs, and Proof of Concepts (PoCs) related to CVE-2020-0601, a critical vulnerability in Microsoft Windows cryptographic functionality. It includes links to PoCs, detection methods, and advisories but does not contain actual exploit code.
This repository demonstrates a proof-of-concept exploit for CVE-2020-0601, which involves spoofing a trusted root certificate by manipulating elliptic curve parameters in Windows 10's certificate validation process. It generates a fake root CA and signs a leaf certificate to bypass validation.
This repository contains a README file describing CVE-2020-0601, a Windows CryptoAPI spoofing vulnerability, but lacks actual exploit code or technical details. The included GIF appears to be a placeholder or reused from another CVE.
This repository contains a functional exploit for CVE-2020-0601 (Curveball), which manipulates elliptic curve cryptography parameters to forge a trusted certificate. The tool generates an alternative private key for a given public certificate, exploiting a vulnerability in Windows CryptoAPI.
This repository contains a proof-of-concept for CVE-2020-0601, a vulnerability in Windows CryptoAPI that allows spoofing of elliptic curve cryptography (ECC) certificates. The PoC demonstrates how to generate a spoofed CA key and use it to sign TLS certificates or code-signing certificates, bypassing trust validation.
This repository contains a proof-of-concept for CVE-2020-0601 (Curveball), demonstrating how to forge certificates by exploiting a vulnerability in Windows' cryptographic validation of ECC certificates. The code includes key generation, certificate forging, and validation bypass techniques.
This PoC exploits CVE-2020-0601 (CurveBall) by generating a spoofed ECC certificate that bypasses Windows' certificate validation. It manipulates the public key and generator to create a fraudulent CA, enabling code signing of malicious executables.
This PoC exploits CVE-2020-0601 (Windows CryptoAPI Spoofing Vulnerability) by generating a spoofed certificate authority (CA) key. It manipulates the elliptic curve parameters to create a fake private key that can be used to sign malicious code as if it were from a trusted source.
This repository contains a proof-of-concept exploit for CVE-2020-0601, a vulnerability in Windows CryptoAPI that allows spoofing of elliptic curve cryptography (ECC) certificates. The exploit generates a spoofed CA certificate and demonstrates a man-in-the-middle (MITM) attack using a Node.js proxy server.
This repository claims to implement CVE-2020-0601 (Windows CryptoAPI Spoofing Vulnerability) but only contains a basic Flask server with SSL. No exploit logic or PoC for the vulnerability is present.
This is a proof-of-concept exploit for CVE-2020-0601 (CurveBall), a vulnerability in Windows' cryptographic validation of ECC certificates. The PoC generates a spoofed certificate by manipulating the elliptic curve parameters to bypass validation.
This repository contains a functional exploit for CVE-2020-0601 (Curveball), which abuses a flaw in Windows' cryptographic validation of ECC certificates. The tool generates a spoofed CA certificate and signs executables, bypassing trust validation.
This repository contains utility code for CVE-2020-0601, a Windows CryptoAPI spoofing vulnerability. It includes OpenSSL curve data and a base64 encoding/decoding library, likely used to generate malicious certificates or test exploit scenarios.
This PoC exploits CVE-2020-0601, a vulnerability in Windows CryptoAPI where spoofed ECC certificates can bypass validation. It manipulates the generator of an elliptic curve group to forge a certificate that appears valid.
This repository contains a Lua script designed to detect exploit attempts for CVE-2020-0601 (Curveball) by analyzing TLS handshake traffic for improper ECC curve usage. The script checks for known ECC cryptography suites and alerts if suspicious patterns are found.
This Perl script exploits CVE-2020-0601 by converting a public key from a certificate into a fake private key, leveraging a vulnerability in Windows CryptoAPI. It manipulates elliptic curve cryptography parameters to forge a private key that can be used to spoof signatures.
This PowerShell script checks if the hotfix for CVE-2020-0601 is installed on a Windows system and scans for exploitation attempts via Event Log entries. It does not exploit the vulnerability but verifies patch status and potential attack indicators.
This PowerShell script automates the deployment of patches for CVE-2020-0601 (Windows CryptoAPI Spoofing Vulnerability) across multiple servers in an Active Directory environment. It checks server build numbers and installs the appropriate patch for Windows Server 2016 or 2019.
References (4)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N