This repository provides content for aiding DoD administrators in verifying systems have applied and enabled mitigations for hardware and firmware vulnerabilities such as side-channel and UEFI vulnerabilities. The repository is a companion to NSA Cybersecurity Advisories such as Vulnerabilities Affecting Modern Processors. This repository is updated as new information, research, strategies, and guidance are developed. The following mitigations generally apply to all systems. For specific steps for a particular operating system or vendor product, consult detailed instructions and strategies at Specific Guidance.
https://github.com/nsacyber/Hardware-and-Firmware-Security-Guidance
Tags | audit vulnerability cve nessus spectre guidance meltdown cve-2017-5754 cve-2017-5715 cve-2017-5753 cve-2018-3640 cve-2018-3639 cve-2018-3693 cve-2018-3665 |
Implementation | C |
License | Public |
A shell script to tell whether your system is vulnerable to the several "speculative execution" CVEs that were made public in 2018. For Linux systems, the script detects mitigations, including backported non-vanilla patches, regardless of the advertised kernel version number and the distribution (such as Debian, Ubuntu, CentOS, RHEL, Fedora, openSUSE, Arch, ...). It also works if you have compiled your own kernel.
mitigation kernel meltdown spectre cve-2017-5753 cve-2017-5715 cve-2017-5754 freebsd netbsd dragonflybsd cve-2018-3640 cve-2018-3639 foreshadow cve-2018-3615 cve-2018-3620 cve-2018-3646
SpecuCheck is a Windows utility for checking the state of the software and hardware mitigations against CVE-2017-5754 (Meltdown), CVE-2017-5715 (Spectre v2), CVE-2018-3260 (Foreshadow), and CVE-2018-3639 (Spectre v4). It uses two new information classes that were added to the NtQuerySystemInformation API call as part of the patches introduced in January 2018 and reports the data as seen by the Windows kernel. An official Microsoft PowerShell cmdlet module now exists as well, which is the recommended and supported way to get this information.
meltdown spectre intelbug kernel internals cpu kaiser kpti
IMPORTANT: Provided only for educational or informational purposes. CVE-2018-7600 / SA-CORE-2018-002: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
poc drupalgeddon2 exploit drupal cve-2018-7600 sa-core-2018-002
Checks whether the system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a. MELTDOWN. The basic idea is that the user will know whether or not the running system is properly patched with something like the KAISER patchset (https://lkml.org/lkml/2017/10/31/884), for example.
meltdown kpti kaiser pti exploit poc security intelbug
Supports both x32 and x64. Tested on: Win7 x32, Win7 x64, Win2008 x32, Win2008 R2 x32, Win2008 R2 Datacenter x64, Win2008 Enterprise x64.
exploit cve cve-2018-8210
Demo exploitation of the POP SS vulnerability (CVE-2018-8897), leading to unsigned code execution with kernel privileges.
Exploit for Drupal v7.x + v8.x (Drupalgeddon 2 / CVE-2018-7600 / SA-CORE-2018-002)
exploit drupal drupalgeddon2 sa-core-2018-002 cve-2018-7600 drupal7 drupal8 drupalgeddon poc
docker build -t cve-2018-15473 .
(CVE-2018-9995) Get DVR Credentials
Running CVE-2017-8759 exploit sample. If all is good mspaint should run.
This app is currently in "Alpha" state, it's my first Android app and there is some rather disgusting code (Potentially blocking tasks on the UI thread 🤢). This will be improved soon™. For anyone who wants to look at the exploit source, the magic happens here.
nintendo nintendo-switch nintendo-switch-hacking exploit usb cve-2018-6242
PCILeech uses PCIe hardware devices to read and write from the target system memory. This is achieved by using DMA over PCIe. No drivers are needed on the target system. PCILeech also works without hardware, together with memory dump files and the Windows 7/2008R2 x64 Total Meltdown / CVE-2018-1038 vulnerability.
🚀 Vulfocus is a vulnerability integration platform: put a vulnerability-environment Docker image into it and it is ready to use, out of the box.
docker writeup vulnerability-environment vulhub cve-2020-1938 cve-2020-7961 vulfocus cve-2020-11652 cve-2020-11651 vulfocus-docker
✍️ A curated list of CVE PoCs. Here is a collection of Proof of Concepts for Common Vulnerabilities and Exposures; you might also want to check out awesome-web-security.
awesome cve poc
xnu local privilege escalation via cve-2015-???? & cve-2015-???? for 10.10.5, 0day at the time | poc or gtfo
Proof-of-concept BSoD (Blue Screen of Death) and Elevation of Privilege (to SYSTEM) code for my CVE-2016-0051 (MS-016).
This repo contains research concerning CVE-2019-0708. The vulnerability occurs during pre-authorization and has the potential to run arbitrary malicious code in the NT Authority\system user security context.
Bad-PDF creates a malicious PDF file to steal NTLM (NTLMv1/NTLMv2) hashes from Windows machines; it utilizes a vulnerability disclosed by the Check Point team to create the malicious PDF file. Bad-PDF reads the NTLM hashes using a Responder listener. This method works on all PDF readers (any version), and JavaScript is not required for this attack; most EDR/endpoint solutions fail to detect it.
ntlm-hashes badpdf vulnerability ntlm-hash-extraction cve-2018-4993
Win32k LPE vulnerability used in APT attack
cve-2015-1701