Pedro Ribeiro (@pedrib) Exploit Dumping Grounds

This repository contains information, exploits, scripts, etc, that I have made public and it is located at https://github.com/pedrib/PoC.

• advisories: all my public advisories, research notes, etc
  • Pwn2Own: advisories related to my Pwn2Own participations
• exploits: all my public exploits
  • metasploit: Metasploit modules created by myself and integrated into the Metasploit framework
    • Pwn2Own: Metasploit modules created for / used in Pwn2Own competitions I have participated in
• fuzzing: proof of concept or fuzzing testcases that have an assigned CVE identifier but weren't exploitable (or I just didn't have time to dig further and make them exploitable)
• tools: a few of my tools which might be useful for other hackers
• pedigree.csv: a CSV file containing all my trophies, aka CVE and ZDI identifiers assigned to my vulnerabilities, my Metasploit modules that have been integrated into the framework, etc (basically my vulnerability CV)
• pedrib-gmail-pgp.asc: my current PGP key for pedrib_at_gmail_dot_com

All information, code and binary data in this repository is released to the public under the GNU General Public License, version 3 (GPLv3). For information, code or binary data obtained from other sources that has a license which is incompatible with GPLv3, the original license prevails. For more information check https://www.gnu.org/licenses/gpl-3.0.en.html or the LICENSE file in the root of this repository.

Please note that Agile Information Security Limited (Agile InfoSec) relies on information provided by the vendor / product manufacturer when listing fixed versions, products or releases. Agile InfoSec does not verify this information, except when specifically mentioned in the advisory text and requested or contracted by the vendor to do so.

Unconfirmed vendor fixes might be ineffective, incomplete or easy to bypass and it is the vendor's responsibility to ensure all the vulnerabilities found by Agile InfoSec are resolved properly. Agile InfoSec usually provides the information in its advisories free of charge to the vendor, as well as a minimum of six months for the vendor to resolve the vulnerabilities identified in its advisories before they are made public.

Agile InfoSec does not accept any responsibility, financial or otherwise, from any material losses, loss of life or reputational loss as a result of misuse of the information or code contained or mentioned in its advisories. It is the vendor's responsibility to ensure their products' security before, during and after release to market.

Pedro Ribeiro (pedrib_at_gmail_dot_com)
Founder & Director of Research at Agile Information Security
Twitter: @pedrib1337

Feel free to send me questions / comments / criticism.