Skip to content
/ PoC Public
forked from pedrib/PoC

Advisories, proof of concept files and exploits that have been made public by @pedrib.

License

Notifications You must be signed in to change notification settings

blueicesir/PoC

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Pedro Ribeiro (@pedrib) Exploit Dumping Grounds

This repository contains information, exploits, scripts, etc, that I have made public and it is located at https://github.com/pedrib/PoC.

  • advisories: all my public advisories, research notes, etc
    • Pwn2Own: advisories related to my Pwn2Own participations
  • exploits: all my public exploits
    • metasploit: Metasploit modules created by myself and integrated into the Metasploit framework
      • Pwn2Own: Metasploit modules created for / used in Pwn2Own competitions I have participated in
  • fuzzing: proof of concept or fuzzing testcases that have an assigned CVE identifier but weren't exploitable (or I just didn't have time to dig further and make them exploitable)
  • pedigree.csv: a CSV file containing all my trophies, aka CVE and ZDI identifiers assigned to my vulnerabilities, my Metasploit modules that have been integrated into the framework, etc (basically my vulnerability CV)
  • pedrib-gmail-pgp.asc: my current PGP key for pedrib_at_gmail_dot_com

All information, code and binary data in this repository is released to the public under the GNU General Public License, version 3 (GPLv3). For information, code or binary data obtained from other sources that has a license which is incompatible with GPLv3, the original license prevails. For more information check https://www.gnu.org/licenses/gpl-3.0.en.html or the LICENSE file in the root of this repository.

Please note that Agile Information Security Limited (Agile InfoSec) relies on information provided by the vendor / product manufacturer when listing fixed versions, products or releases. Agile InfoSec does not verify this information, except when specifically mentioned in the advisory text and requested or contracted by the vendor to do so.

Unconfirmed vendor fixes might be ineffective, incomplete or easy to bypass and it is the vendor's responsibility to ensure all the vulnerabilities found by Agile InfoSec are resolved properly. Agile InfoSec usually provides the information in its advisories free of charge to the vendor, as well as a minimum of six months for the vendor to resolve the vulnerabilities identified in its advisories before they are made public.

Agile InfoSec does not accept any responsibility, financial or otherwise, from any material losses, loss of life or reputational loss as a result of misuse of the information or code contained or mentioned in its advisories. It is the vendor's responsibility to ensure their products' security before, during and after release to market.

Pedro Ribeiro (pedrib_at_gmail_dot_com)
Founder & Director of Research at Agile Information Security
Twitter: @pedrib1337

Feel free to send me questions / comments / criticism.

About

Advisories, proof of concept files and exploits that have been made public by @pedrib.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Ruby 88.8%
  • HTML 6.2%
  • C# 1.9%
  • Java 1.7%
  • Other 1.4%