cve/2020/CVE-2020-0601.md

### [CVE-2020-0601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0601)
![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201903%20for%2032-bit%20Systems&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201903%20for%20ARM64-based%20Systems&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201903%20for%20x64-based%20Systems&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201909%20for%2032-bit%20Systems&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201909%20for%20ARM64-based%20Systems&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201909%20for%20x64-based%20Systems&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%2C%20version%201903%20(Server%20Core%20installation)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%2C%20version%201909%20(Server%20Core%20installation)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Windows&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Spoofing&color=brighgreen)

### Description

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.

### POC

#### Reference
- http://packetstormsecurity.com/files/155960/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html
- http://packetstormsecurity.com/files/155961/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html

#### Github
- https://github.com/0day404/vulnerability-poc
- https://github.com/0xT11/CVE-POC
- https://github.com/0xxon/cve-2020-0601
- https://github.com/0xxon/cve-2020-0601-plugin
- https://github.com/0xxon/cve-2020-0601-utils
- https://github.com/20142995/sectool
- https://github.com/3th1c4l-t0n1/EnableWindowsLogSettings
- https://github.com/5l1v3r1/CVE-2020-0606
- https://github.com/84KaliPleXon3/ctf-katana
- https://github.com/ARPSyndicate/cvemon
- https://github.com/AWimpyNiNjA/Powershell
- https://github.com/AdavVegab/PoC-Curveball
- https://github.com/AmitNiz/exploits
- https://github.com/ArrestX/--POC
- https://github.com/Ash112121/CVE-2020-0601
- https://github.com/BlueTeamSteve/CVE-2020-0601
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/CheatBreaker/Security-Advisory
- https://github.com/CnHack3r/Penetration_PoC
- https://github.com/DipeshGarg/Shell-Scripts
- https://github.com/Doug-Moody/Windows10_Cumulative_Updates_PowerShell
- https://github.com/EchoGin404/-
- https://github.com/EchoGin404/gongkaishouji
- https://github.com/ExpLife0011/awesome-windows-kernel-security-development
- https://github.com/FumoNeko/Hashcheck
- https://github.com/GhostTroops/TOP
- https://github.com/Hans-MartinHannibalLauridsen/CurveBall
- https://github.com/IIICTECH/-CVE-2020-0601-ECC---EXPLOIT
- https://github.com/InQuest/yara-rules
- https://github.com/Information-Warfare-Center/CSI-SIEM
- https://github.com/JERRY123S/all-poc
- https://github.com/JPurrier/CVE-2020-0601
- https://github.com/JoelBts/CVE-2020-0601_PoC
- https://github.com/JohnHammond/ctf-katana
- https://github.com/KayCHENvip/vulnerability-poc
- https://github.com/MarkusZehnle/CVE-2020-0601
- https://github.com/Miraitowa70/POC-Notes
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/Ondrik8/exploit
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/RrUZi/Awesome-CVE-2020-0601
- https://github.com/SexyBeast233/SecBooks
- https://github.com/ShayNehmad/twoplustwo
- https://github.com/SherlockSec/CVE-2020-0601
- https://github.com/Threekiii/Awesome-POC
- https://github.com/YIXINSHUWU/Penetration_Testing_POC
- https://github.com/Yamato-Security/EnableWindowsLogSettings
- https://github.com/YoannDqr/CVE-2020-0601
- https://github.com/YojimboSecurity/YojimboSecurity
- https://github.com/YojimboSecurity/chainoffools
- https://github.com/amlweems/gringotts
- https://github.com/apmunch/CVE-2020-0601
- https://github.com/apodlosky/PoC_CurveBall
- https://github.com/aymankhder/ctf_solver
- https://github.com/bsides-rijeka/meetup-2-curveball
- https://github.com/cimashiro/-Awesome-CVE-2020-0601-
- https://github.com/cisagov/Malcolm
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/d4n-sec/d4n-sec.github.io
- https://github.com/david4599/CurveballCertTool
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/dlee35/curveball_lua
- https://github.com/eastmountyxz/CSDNBlog-Security-Based
- https://github.com/eastmountyxz/CVE-2018-20250-WinRAR
- https://github.com/eastmountyxz/CVE-2020-0601-EXP
- https://github.com/eastmountyxz/NetworkSecuritySelf-study
- https://github.com/eastmountyxz/SystemSecurity-ReverseAnalysis
- https://github.com/exploitblizzard/CVE-2020-0601-spoofkey
- https://github.com/gentilkiwi/curveball
- https://github.com/githuberxu/Safety-Books
- https://github.com/gremwell/cve-2020-0601_poc
- https://github.com/gremwell/qsslcaudit
- https://github.com/gremwell/qsslcaudit-pkg-deb
- https://github.com/hackerhouse-opensource/exploits
- https://github.com/hasee2018/Penetration_Testing_POC
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/hktalent/TOP
- https://github.com/huike007/penetration_poc
- https://github.com/huike007/poc
- https://github.com/huynhvanphuc/EnableWindowsLogSettings
- https://github.com/hwiwonl/dayone
- https://github.com/ioncodes/Curveball
- https://github.com/ioncodes/ioncodes
- https://github.com/jbmihoub/all-poc
- https://github.com/kerk1/WarfareCenter-CSI-SIEM
- https://github.com/kudelskisecurity/chainoffools
- https://github.com/kudelskisecurity/northsec_crypto_api_attacks
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/lnick2023/nicenice
- https://github.com/ly4k/CurveBall
- https://github.com/mmguero-dev/Malcolm-PCAP
- https://github.com/modubyk/CVE_2020_0601
- https://github.com/mvlnetdev/zeek_detection_script_collection
- https://github.com/nissan-sudo/CVE-2020-0601
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/okanulkr/CurveBall-CVE-2020-0601-PoC
- https://github.com/password520/Penetration_PoC
- https://github.com/pravinsrc/NOTES-windows-kernel-links
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/robmichel2854/robs-links
- https://github.com/s1lver-lining/Starlight
- https://github.com/saleemrashid/badecparams
- https://github.com/shengshengli/NetworkSecuritySelf-study
- https://github.com/soosmile/POC
- https://github.com/sourcx/zeekweek-2021
- https://github.com/supermandw2018/SystemSecurity-ReverseAnalysis
- https://github.com/talbeerysec/CurveBallDetection
- https://github.com/thimelp/cve-2020-0601-Perl
- https://github.com/tobor88/PowerShell-Blue-Team
- https://github.com/tyj956413282/curveball-plus
- https://github.com/ucsb-seclab/DeepCASE-Dataset
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
- https://github.com/xbl3/awesome-cve-poc_qazbnm456
- https://github.com/xuetusummer/Penetration_Testing_POC
- https://github.com/yanghaoi/CVE-2020-0601
- https://github.com/yedada-wei/-
- https://github.com/yedada-wei/gongkaishouji
- https://github.com/yshneyderman/CS590J-Capstone
- https://github.com/ztora/msvuln