Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2020-0601

Description

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.

POC

Reference

- http://packetstormsecurity.com/files/155960/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html

- http://packetstormsecurity.com/files/155961/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html

Github

- https://github.com/0day404/vulnerability-poc

- https://github.com/0kraven/MalDevJournal

- https://github.com/0x06K/MalDevJournal

- https://github.com/0xT11/CVE-POC

- https://github.com/0xxon/cve-2020-0601

- https://github.com/0xxon/cve-2020-0601-plugin

- https://github.com/0xxon/cve-2020-0601-utils

- https://github.com/20142995/sectool

- https://github.com/3th1c4l-t0n1/EnableWindowsLogSettings

- https://github.com/5l1v3r1/CVE-2020-0606

- https://github.com/84KaliPleXon3/ctf-katana

- https://github.com/ARPSyndicate/cve-scores

- https://github.com/ARPSyndicate/cvemon

- https://github.com/AWimpyNiNjA/Powershell

- https://github.com/Abhijeet-Khanzode/TASK3

- https://github.com/AdavVegab/PoC-Curveball

- https://github.com/AmitNiz/exploits

- https://github.com/AndreLlorente/NVD_CVE_EXTRACTOR

- https://github.com/ArrestX/--POC

- https://github.com/Ash112121/CVE-2020-0601

- https://github.com/BlueTeamSteve/CVE-2020-0601

- https://github.com/CVEDB/PoC-List

- https://github.com/CVEDB/awesome-cve-repo

- https://github.com/CVEDB/top

- https://github.com/CheatBreaker/Security-Advisory

- https://github.com/CnHack3r/Penetration_PoC

- https://github.com/DipeshGarg/Shell-Scripts

- https://github.com/Doug-Moody/Windows10_Cumulative_Updates_PowerShell

- https://github.com/EchoGin404/-

- https://github.com/EchoGin404/gongkaishouji

- https://github.com/ExpLife0011/awesome-windows-kernel-security-development

- https://github.com/FumoNeko/Hashcheck

- https://github.com/Ghebriou/platform_pfe

- https://github.com/GhostTroops/TOP

- https://github.com/Hans-MartinHannibalLauridsen/CurveBall

- https://github.com/IIICTECH/-CVE-2020-0601-ECC---EXPLOIT

- https://github.com/InQuest/yara-rules

- https://github.com/Information-Warfare-Center/CSI-SIEM

- https://github.com/JERRY123S/all-poc

- https://github.com/JPurrier/CVE-2020-0601

- https://github.com/Jashanveer-Singh/cryptographic_failure

- https://github.com/JoelBts/CVE-2020-0601_PoC

- https://github.com/JohnHammond/ctf-katana

- https://github.com/KayCHENvip/vulnerability-poc

- https://github.com/MarkusZehnle/CVE-2020-0601

- https://github.com/Miraitowa70/POC-Notes

- https://github.com/Mr-xn/Penetration_Testing_POC

- https://github.com/Ondrik8/exploit

- https://github.com/Ostorlab/KEV

- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

- https://github.com/RrUZi/Awesome-CVE-2020-0601

- https://github.com/SaraArif6198/SQL-Injection-Report

- https://github.com/SatenderKumar3024/CompTIA-Cloud-Certification-Exam---EXAM-NUMBER-CV0-004---Satender-Kumar

- https://github.com/SexyBeast233/SecBooks

- https://github.com/ShayNehmad/twoplustwo

- https://github.com/SherlockSec/CVE-2020-0601

- https://github.com/TBHIDK24/MalDevJournal

- https://github.com/TBHIDK57/MalDevJournal

- https://github.com/Threekiii/Awesome-POC

- https://github.com/TrojanAZhen/Self_Back

- https://github.com/Tyro-Shan/gongkaishouji

- https://github.com/XTeam-Wing/RedTeaming2020

- https://github.com/XiaomingX/awesome-poc-for-red-team

- https://github.com/YIXINSHUWU/Penetration_Testing_POC

- https://github.com/Yamato-Security/EnableWindowsLogSettings

- https://github.com/YoannDqr/CVE-2020-0601

- https://github.com/YojimboSecurity/YojimboSecurity

- https://github.com/YojimboSecurity/chainoffools

- https://github.com/ZTK-009/Penetration_PoC

- https://github.com/amlweems/gringotts

- https://github.com/apmunch/CVE-2020-0601

- https://github.com/apodlosky/PoC_CurveBall

- https://github.com/aymankhder/ctf_solver

- https://github.com/badigervijay/AI-Based-Threat-Intelligence-Platform

- https://github.com/bsides-rijeka/meetup-2-curveball

- https://github.com/bzuracyber/Azure-Compliance-as-Code-Pipeline

- https://github.com/cimashiro/-Awesome-CVE-2020-0601-

- https://github.com/cisagov/Malcolm

- https://github.com/crnnr/SS25-Kryptologie2

- https://github.com/cyberanand1337x/bug-bounty-2022

- https://github.com/d4n-sec/d4n-sec.github.io

- https://github.com/david4599/CurveballCertTool

- https://github.com/developer3000S/PoC-in-GitHub

- https://github.com/dlee35/curveball_lua

- https://github.com/eastmountyxz/CSDNBlog-Security-Based

- https://github.com/eastmountyxz/CVE-2018-20250-WinRAR

- https://github.com/eastmountyxz/CVE-2020-0601-EXP

- https://github.com/eastmountyxz/NetworkSecuritySelf-study

- https://github.com/eastmountyxz/SystemSecurity-ReverseAnalysis

- https://github.com/elikaski/ECC_Attacks

- https://github.com/exploitblizzard/CVE-2020-0601-spoofkey

- https://github.com/gautam0786/Cybersecurity-Intern-task-3

- https://github.com/gentilkiwi/curveball

- https://github.com/githuberxu/Safety-Books

- https://github.com/gremwell/cve-2020-0601_poc

- https://github.com/gremwell/qsslcaudit

- https://github.com/gremwell/qsslcaudit-pkg-deb

- https://github.com/hackerhouse-opensource/exploits

- https://github.com/hasee2018/Penetration_Testing_POC

- https://github.com/hectorgie/PoC-in-GitHub

- https://github.com/hktalent/TOP

- https://github.com/huike007/penetration_poc

- https://github.com/huike007/poc

- https://github.com/huisetiankong478/penetration_poc

- https://github.com/huisetiankong478/poc

- https://github.com/huynhvanphuc/EnableWindowsLogSettings

- https://github.com/hwiwonl/dayone

- https://github.com/ioncodes/Curveball

- https://github.com/ioncodes/ioncodes

- https://github.com/jbmihoub/all-poc

- https://github.com/kerk1/WarfareCenter-CSI-SIEM

- https://github.com/kudelskisecurity/chainoffools

- https://github.com/kudelskisecurity/northsec_crypto_api_attacks

- https://github.com/lions2012/Penetration_Testing_POC

- https://github.com/lnick2023/nicenice

- https://github.com/ly4k/CurveBall

- https://github.com/mazharkhanpathan61354/cyber-security-internship-task-3

- https://github.com/mmguero-dev/Malcolm-PCAP

- https://github.com/modubyk/CVE_2020_0601

- https://github.com/mvlnetdev/zeek_detection_script_collection

- https://github.com/nissan-sudo/CVE-2020-0601

- https://github.com/nitinsanap95-hash/Elevate-Lab-Task-3

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/okanulkr/CurveBall-CVE-2020-0601-PoC

- https://github.com/password520/Penetration_PoC

- https://github.com/pentration/gongkaishouji

- https://github.com/pravinsrc/NOTES-windows-kernel-links

- https://github.com/qazbnm456/awesome-cve-poc

- https://github.com/robmichel2854/robs-links

- https://github.com/s1lver-lining/Starlight

- https://github.com/saleemrashid/badecparams

- https://github.com/shengshengli/NetworkSecuritySelf-study

- https://github.com/soosmile/POC

- https://github.com/sourcx/zeekweek-2021

- https://github.com/supermandw2018/SystemSecurity-ReverseAnalysis

- https://github.com/talbeerysec/CurveBallDetection

- https://github.com/thimelp/cve-2020-0601-Perl

- https://github.com/tim3959951/CVE-Analysis-Agent

- https://github.com/tobor88/PowerShell-Blue-Team

- https://github.com/tyj956413282/curveball-plus

- https://github.com/ucsb-seclab/DeepCASE-Dataset

- https://github.com/weeka10/-hktalent-TOP

- https://github.com/willamygarcia/Vuln_Windows_7_11

- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-

- https://github.com/xbl3/awesome-cve-poc_qazbnm456

- https://github.com/xuetusummer/Penetration_Testing_POC

- https://github.com/yanghaoi/CVE-2020-0601

- https://github.com/yedada-wei/-

- https://github.com/yedada-wei/gongkaishouji

- https://github.com/yo-yo-yo-jbo/ecc_intro

- https://github.com/yshneyderman/CS590J-Capstone

- https://github.com/yuxulu/snoopy

- https://github.com/ztora/msvuln

- https://github.com/zzyss-marker/NetworkSecuritySelf-study