CVE-2020-13777

PoC TLS13 CVE-2020-13777 The purpose of this PoC This PoC and related article were created to apply for the project "Challenge CVE-2020-13777" CVE-2020-13777 is a GnuTLS vulnerability whose patch is widely distributed This PoC aims to contribute to improving the information security literacy of people involved in the information and communications industry By wide

Some of my personal automation shell scripts.

Shell-Scripts Some of my personal automation shell scripts Details of all scripts Sub-Enumsh Syntax --> /Sub-Enumsh < filename containing all domains > This script takes a file containing all domains and enumerate subdomains for each of them using multiple tools as Subfinder , Assetfinder , Amass Then after sorting them it check for alive subdomains a

Zeek script to detect servers vulnerable to CVE-2020-13777

Zeek test script for CVE-2020-13777 This script performs a simple test to check if a server is potentially vulnerable to CVE-2020-13777 CVE-2020-13777 causes GnuTLS to create unencrypted session tickets This seems to be detectable by checking gnutls sets the key_name to zero - for which it uses the first 16 bytes of the session-ticket This script checks if: A server sends a

A simple to use TLS server library for Linux

tlsserver - a simple to use TLS server library for Linux tlsserver is a TLS server library that can use OpenSSL or GnuTLS as a backend As a difference to other libraries all mentioned backends can be enabled at compile time and backend selection is possibe at runtime The libtlsserverso shared library as well as the required tlsserverh header file are licensed LGPLv21+, eve

Challange CVE-2020-13777

Chanllenge CVE-2020-13777 Try to prove if TLS 13 MITM is possible and decrypt 0-RTT early data in pcap here (Server: 19216810023:5556) See jovi0608hatenablogcom/entry/2020/06/13/104905 and CVE-2020-13777 for details

CSI SIEM

Malcolm CSI-SIEM using Malcolm is a powerful network traffic analysis tool suite designed with the following goals in mind: Easy to use – Malcolm accepts network traffic data in the form of full packet capture (PCAP) files and Zeek (formerly Bro) logs These artifacts can be uploaded via a simple browser-based interface or captured live and forwarded to Malcolm using li

Malcolm CSI-SIEM using Malcolm is a powerful network traffic analysis tool suite designed with the following goals in mind: Easy to use – Malcolm accepts network traffic data in the form of full packet capture (PCAP) files and Zeek (formerly Bro) logs These artifacts can be uploaded via a simple browser-based interface or captured live and forwarded to Malcolm using li

A collection of zeek detection scripts

Bro/Zeek Detection Script Collection A collection of bro/zeek detection scripts This is just a list Detection of techniques Mitre BZAR Detection of Long Connections Ransomware Filenames PingBack Cryptomining Detection of Vulnerabilities CVE-2020-0601 0xxon CVE-2020-1472 - Zerologon Corelight CVE-2020-12695 - CallStranger Corelight CVE-2020-13777 0xxon Threat I