EUVD-2020-0076

Malware in sbrugna...

CVE-2025-32890

An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. It uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message...

CVE-2024-43108

The goTenna Pro ATAK Plugin uses AES CTR type encryption for short, encrypted messages without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message. It is advised to continue to use encryption in the plugin and update to the curre...

BokuLoader - A Proof-Of-Concept Cobalt Strike Reflective Loader Which Aims To Recreate, Integrate, And Enhance Cobalt Strike's Evasion Features!

A proof-of-concept User-Defined Reflective Loader UDRL which aims to recreate, integrate, and enhance Cobalt Strike's evasion features! Contributors: Contributor | Twitter | Notable Contributions ---|---|--- Bobby Cooke | @0xBoku | Project original author and maintainer Santiago Pecin | @s4ntiago...

GHSA-346H-749J-R28W PHPECC vulnerable to multiple cryptographic side-channel attacks

ECDSA Canonicalization PHPECC is vulnerable to malleable ECDSA signature attacks. Constant-Time Signer When generating a new ECDSA signature, the GMPMath adapter was used. This class wraps the GNU Multiple Precision arithmetic library GMP, which does not aim to provide constant-time implementatio...

PT-2024-40040 · Gnu · Gmp

Name of the Vulnerable Software and Affected Versions: PHPECC affected versions not specified Description: The issue concerns malleable ECDSA signature attacks. When generating new ECDSA signatures, the use of the GMPMath adapter, which wraps the GNU Multiple Precision arithmetic library GMP,...

mdanter/ecc affected by timing vulnerability in cryptographic side-channels

phpecc, as used in all versions of mdanter/ecc, as well as paragonie/ecc before 2.0.1, has a branch-based timing leak in Point addition. This Composer package is also known as phpecc/phpecc on GitHub, previously known as the Matyas Danter ECC library. Paragon Initiative Enterprises hard-forked...

HiddenDesktop - HVNC For Cobalt Strike

Hidden Desktop often referred to as HVNC is a tool that allows operators to interact with a remote desktop session without the user knowing. The VNC protocol is not involved, but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to...

Signature malleability for S

Lines of code Vulnerability details Impact Ethereum contracts often assumes that the signature is unique, but signatures can be altered without the possession of the private key and still be valid. The EVM specification defines several so-called ‘precompiled’ contracts one of them being ecrecover...

EVM Elliptic Curve Recovery Discrepancy

Lines of code Vulnerability details Impact The Ecrecover.yul file meant to simulate the ecrecover mechanism as executed by traditional ETH 1.0 consensus mechanisms is incorrect. In detail, it does not conform to the "Homestead" update which introduced an upper-bound check for s values of an r, s,...

SUSE CVE-2019-14859

A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without this verification, a malformed signature could be accepted, making the signature malleable. Without proper verification, an attacker could use a malleable...

SUSE CVE-2020-26556

Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment...

Malleable value in S

Lines of code Vulnerability details Impact Signature Proof of Concept ECDSA's malleability can be used to create new signatures under specific conditions. This post explores how serious these attacks can be. Tools Used Recommended Mitigation Steps Recomendation is to be added additional check for...

RedGuard - C2 Front Flow Control Tool, Can Avoid Blue Teams, AVs, EDRs Check

0x00 Introduction Tool introduction RedGuard is a derivative work of the C2 facility pre-flow control technology. It has a lighter design, efficient flow interaction, and reliable compatibility with go language development. The core problem it solves is also in the face of increasingly complex re...

_verifyProof allows empty proofs (allows malleable transactions)

Lines of code Vulnerability details Impact verifyProof allows empty proofs and in that case it expects the leaf to equal the root, because no hashing and iteration is taking place. The purpose of the tree is to hold multiple accepted tokenIds, where the consideration contains one and proving its...

Inject-Assembly - Inject .NET Assemblies Into An Existing Process

This tool is an alternative to traditional fork and run execution for Cobalt Strike. The loader can be injected into any process, including the current Beacon. Long-running assemblies will continue to run and send output back to the Beacon, similar to the behavior of execute-assembly. There are t...

Huawei EulerOS: Security Advisory for python-ecdsa (EulerOS-SA-2021-2429)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP2 : python-ecdsa (EulerOS-SA-2021-2429)

According to the version of the python-ecdsa package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. Without...

PickleC2 - A Post-Exploitation And Lateral Movements Framework

PickleC2 is a post-exploitation and lateral movements framework. Documentation ReadTheDocs Overview PickleC2 is a simple C2 framework written in python3 used to help the community in Penetration Testers in their red teaming engagements. PickleC2 has the ability to import your own PowerShell modul...

RedWarden - Flexible CobaltStrike Malleable Redirector

RedWarden - Flexible CobaltStrike Malleable Redirector previously known as proxy2's malleableredirector plugin Let's raise the bar in C2 redirectors IR resiliency, shall we? Red Teaming business has seen several different great ideas on how to combat incident responders and misdirect them while...