home.social

#hashpwn — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #hashpwn, aggregated by home.social.

  1. YellowKey: BitLocker Bypass or Backdoor

    YellowKey, tracked as CVE-2026-45585, is a public BitLocker bypass that abuses WinRE/recovery-path behavior to expose a protected volume without the Windows password, recovery key, or AES cracking.

    At the time of this post, the author’s GitHub and original YellowKey repo appear to be down.

    Read more: forum.hashpwn.net/post/13339

    #BitLocker #YellowKey #CVE202645585 #CyberSecurity #InfoSec #WindowsSecurity #TPM #FullDiskEncryption #hack #exploit #news #hashpwn

  2. YellowKey: BitLocker Bypass or Backdoor

    YellowKey, tracked as CVE-2026-45585, is a public BitLocker bypass that abuses WinRE/recovery-path behavior to expose a protected volume without the Windows password, recovery key, or AES cracking.

    At the time of this post, the author’s GitHub and original YellowKey repo appear to be down.

    Read more: forum.hashpwn.net/post/13339

    #BitLocker #YellowKey #CVE202645585 #CyberSecurity #InfoSec #WindowsSecurity #TPM #FullDiskEncryption #hack #exploit #news #hashpwn

  3. YellowKey: BitLocker Bypass or Backdoor

    YellowKey, tracked as CVE-2026-45585, is a public BitLocker bypass that abuses WinRE/recovery-path behavior to expose a protected volume without the Windows password, recovery key, or AES cracking.

    At the time of this post, the author’s GitHub and original YellowKey repo appear to be down.

    Read more: forum.hashpwn.net/post/13339

    #BitLocker #YellowKey #CVE202645585 #CyberSecurity #InfoSec #WindowsSecurity #TPM #FullDiskEncryption #hack #exploit #news #hashpwn

  4. YellowKey: BitLocker Bypass or Backdoor

    YellowKey, tracked as CVE-2026-45585, is a public BitLocker bypass that abuses WinRE/recovery-path behavior to expose a protected volume without the Windows password, recovery key, or AES cracking.

    At the time of this post, the author’s GitHub and original YellowKey repo appear to be down.

    Read more: forum.hashpwn.net/post/13339

    #BitLocker #YellowKey #CVE202645585 #CyberSecurity #InfoSec #WindowsSecurity #TPM #FullDiskEncryption #hack #exploit #news #hashpwn

  5. Spider v1.0.0 released.

    Spider is not just another web crawler -- it is a purpose-built wordlist and ngram processor for hash cracking workflows.

    URL Mode:
    Point it at a URL and Spider crawls the target, extracts words, and generates frequency-sorted wordlists and/or ngrams.

    But, Spider does not stop at web crawling...

    File Mode:
    Feed it local files and it brings the same word-processing engine to your own datasets, scraped content, notes, dumps, configs, or any other plaintext source you want to turn into a targeted wordlist or ngram set.

    More info:
    forum.hashpwn.net/post/52

    #spider #webcrawler #wordlist #generator #sort #ngram #cyclone #hashpwn #hashcracking

  6. Spider v1.0.0 released.

    Spider is not just another web crawler -- it is a purpose-built wordlist and ngram processor for hash cracking workflows.

    URL Mode:
    Point it at a URL and Spider crawls the target, extracts words, and generates frequency-sorted wordlists and/or ngrams.

    But, Spider does not stop at web crawling...

    File Mode:
    Feed it local files and it brings the same word-processing engine to your own datasets, scraped content, notes, dumps, configs, or any other plaintext source you want to turn into a targeted wordlist or ngram set.

    More info:
    forum.hashpwn.net/post/52

    #spider #webcrawler #wordlist #generator #sort #ngram #cyclone #hashpwn #hashcracking

  7. Spider v1.0.0 released.

    Spider is not just another web crawler -- it is a purpose-built wordlist and ngram processor for hash cracking workflows.

    URL Mode:
    Point it at a URL and Spider crawls the target, extracts words, and generates frequency-sorted wordlists and/or ngrams.

    But, Spider does not stop at web crawling...

    File Mode:
    Feed it local files and it brings the same word-processing engine to your own datasets, scraped content, notes, dumps, configs, or any other plaintext source you want to turn into a targeted wordlist or ngram set.

    More info:
    forum.hashpwn.net/post/52

    #spider #webcrawler #wordlist #generator #sort #ngram #cyclone #hashpwn #hashcracking

  8. Spider v1.0.0 released.

    Spider is not just another web crawler -- it is a purpose-built wordlist and ngram processor for hash cracking workflows.

    URL Mode:
    Point it at a URL and Spider crawls the target, extracts words, and generates frequency-sorted wordlists and/or ngrams.

    But, Spider does not stop at web crawling...

    File Mode:
    Feed it local files and it brings the same word-processing engine to your own datasets, scraped content, notes, dumps, configs, or any other plaintext source you want to turn into a targeted wordlist or ngram set.

    More info:
    forum.hashpwn.net/post/52

    #spider #webcrawler #wordlist #generator #sort #ngram #cyclone #hashpwn #hashcracking

  9. Spider v1.0.0 released.

    Spider is not just another web crawler -- it is a purpose-built wordlist and ngram processor for hash cracking workflows.

    URL Mode:
    Point it at a URL and Spider crawls the target, extracts words, and generates frequency-sorted wordlists and/or ngrams.

    But, Spider does not stop at web crawling...

    File Mode:
    Feed it local files and it brings the same word-processing engine to your own datasets, scraped content, notes, dumps, configs, or any other plaintext source you want to turn into a targeted wordlist or ngram set.

    More info:
    forum.hashpwn.net/post/52

    #spider #webcrawler #wordlist #generator #sort #ngram #cyclone #hashpwn #hashcracking

  10. Copy Fail (CVE-2026-31431) is a Linux kernel LPE that gives root access on every major linux distro.

    All that is needed is local shell access and a few lines of python.

    forum.hashpwn.net/post/12727

    #cybersecurity #copyfail #linux #exploit #cve202631431 #hashpwn

  11. Copy Fail (CVE-2026-31431) is a Linux kernel LPE that gives root access on every major linux distro.

    All that is needed is local shell access and a few lines of python.

    forum.hashpwn.net/post/12727

    #cybersecurity #copyfail #linux #exploit #cve202631431 #hashpwn

  12. Copy Fail (CVE-2026-31431) is a Linux kernel LPE that gives root access on every major linux distro.

    All that is needed is local shell access and a few lines of python.

    forum.hashpwn.net/post/12727

    #cybersecurity #copyfail #linux #exploit #cve202631431 #hashpwn

  13. Copy Fail (CVE-2026-31431) is a Linux kernel LPE that gives root access on every major linux distro.

    All that is needed is local shell access and a few lines of python.

    forum.hashpwn.net/post/12727

    #cybersecurity #copyfail #linux #exploit #cve202631431 #hashpwn

  14. Copy Fail (CVE-2026-31431) is a Linux kernel LPE that gives root access on every major linux distro.

    All that is needed is local shell access and a few lines of python.

    forum.hashpwn.net/post/12727

    #cybersecurity #copyfail #linux #exploit #cve202631431 #hashpwn

  15. Released: hashgen v1.3.0

    New in this version:

    * HMAC modes
    * PBKDF2 modes
    * scrypt support
    * additional BLAKE2 modes
    * hashcat UTF-16LE modes
    * optimized salt RNG on salted hashes
    * 95+ supported hash modes

    forum.hashpwn.net/post/89

    #hashgen #hashgenerator #hashcracking #hashpwn #golang

  16. Released: hashgen v1.3.0

    New in this version:

    * HMAC modes
    * PBKDF2 modes
    * scrypt support
    * additional BLAKE2 modes
    * hashcat UTF-16LE modes
    * optimized salt RNG on salted hashes
    * 95+ supported hash modes

    forum.hashpwn.net/post/89

    #hashgen #hashgenerator #hashcracking #hashpwn #golang

  17. Released: hashgen v1.3.0

    New in this version:

    * HMAC modes
    * PBKDF2 modes
    * scrypt support
    * additional BLAKE2 modes
    * hashcat UTF-16LE modes
    * optimized salt RNG on salted hashes
    * 95+ supported hash modes

    forum.hashpwn.net/post/89

    #hashgen #hashgenerator #hashcracking #hashpwn #golang

  18. Released: hashgen v1.3.0

    New in this version:

    * HMAC modes
    * PBKDF2 modes
    * scrypt support
    * additional BLAKE2 modes
    * hashcat UTF-16LE modes
    * optimized salt RNG on salted hashes
    * 95+ supported hash modes

    forum.hashpwn.net/post/89

    #hashgen #hashgenerator #hashcracking #hashpwn #golang

  19. Released pcfg-go — a full Go rewrite of pcfg_cracker with ~3× faster training, ~40× faster guessing, $HEX[] and multi-byte support, improved trainer parsing...

    Full Details: forum.hashpwn.net/post/11277

    #pcfg #hashcracking #trainer #guesser #wordlist #generator #hashcat #hashpwn

  20. Released pcfg-go — a full Go rewrite of pcfg_cracker with ~3× faster training, ~40× faster guessing, $HEX[] and multi-byte support, improved trainer parsing...

    Full Details: forum.hashpwn.net/post/11277

    #pcfg #hashcracking #trainer #guesser #wordlist #generator #hashcat #hashpwn

  21. Released pcfg-go — a full Go rewrite of pcfg_cracker with ~3× faster training, ~40× faster guessing, $HEX[] and multi-byte support, improved trainer parsing...

    Full Details: forum.hashpwn.net/post/11277

    #pcfg #hashcracking #trainer #guesser #wordlist #generator #hashcat #hashpwn

  22. Released pcfg-go — a full Go rewrite of pcfg_cracker with ~3× faster training, ~40× faster guessing, $HEX[] and multi-byte support, improved trainer parsing...

    Full Details: forum.hashpwn.net/post/11277

    #pcfg #hashcracking #trainer #guesser #wordlist #generator #hashcat #hashpwn

  23. Released pcfg-go — a full Go rewrite of pcfg_cracker with ~3× faster training, ~40× faster guessing, $HEX[] and multi-byte support, improved trainer parsing...

    Full Details: forum.hashpwn.net/post/11277

    #pcfg #hashcracking #trainer #guesser #wordlist #generator #hashcat #hashpwn

  24. CsP’s @Waffle_Real just released a new tool called hashpipe, and it solves a problem many of us run into with large potfiles: messy, misidentified hash:password entries.

    hashpipe automatically validates founds by recomputing them, identifying the correct algorithm, and outputting verified results in an mdxfind format.

    If you maintain large cracking datasets or potfiles, this is a great way to verify and clean them up.

    Details:
    forum.hashpwn.net/post/11119

    GitHub repo:
    github.com/Cynosureprime/hashp

    #hashcracking #hashcat #jtr #hashpipe #CsP #cynosureprime #potfile #hashpwn

  25. CsP’s @Waffle_Real just released a new tool called hashpipe, and it solves a problem many of us run into with large potfiles: messy, misidentified hash:password entries.

    hashpipe automatically validates founds by recomputing them, identifying the correct algorithm, and outputting verified results in an mdxfind format.

    If you maintain large cracking datasets or potfiles, this is a great way to verify and clean them up.

    Details:
    forum.hashpwn.net/post/11119

    GitHub repo:
    github.com/Cynosureprime/hashp

    #hashcracking #hashcat #jtr #hashpipe #CsP #cynosureprime #potfile #hashpwn

  26. CsP’s @Waffle_Real just released a new tool called hashpipe, and it solves a problem many of us run into with large potfiles: messy, misidentified hash:password entries.

    hashpipe automatically validates founds by recomputing them, identifying the correct algorithm, and outputting verified results in an mdxfind format.

    If you maintain large cracking datasets or potfiles, this is a great way to verify and clean them up.

    Details:
    forum.hashpwn.net/post/11119

    GitHub repo:
    github.com/Cynosureprime/hashp

    #hashcracking #hashcat #jtr #hashpipe #CsP #cynosureprime #potfile #hashpwn

  27. CsP’s @Waffle_Real just released a new tool called hashpipe, and it solves a problem many of us run into with large potfiles: messy, misidentified hash:password entries.

    hashpipe automatically validates founds by recomputing them, identifying the correct algorithm, and outputting verified results in an mdxfind format.

    If you maintain large cracking datasets or potfiles, this is a great way to verify and clean them up.

    Details:
    forum.hashpwn.net/post/11119

    GitHub repo:
    github.com/Cynosureprime/hashp

    #hashcracking #hashcat #jtr #hashpipe #CsP #cynosureprime #potfile #hashpwn

  28. CsP’s @Waffle_Real just released a new tool called hashpipe, and it solves a problem many of us run into with large potfiles: messy, misidentified hash:password entries.

    hashpipe automatically validates founds by recomputing them, identifying the correct algorithm, and outputting verified results in an mdxfind format.

    If you maintain large cracking datasets or potfiles, this is a great way to verify and clean them up.

    Details:
    forum.hashpwn.net/post/11119

    GitHub repo:
    github.com/Cynosureprime/hashp

    #hashcracking #hashcat #jtr #hashpipe #CsP #cynosureprime #potfile #hashpwn

  29. Update: Solflare “xpass exploit" Details Released

    In Feb 2025, I reported an exploit vulnerability in the Solflare Chrome wallet which allowed the wallet vault (solflaredata) to be decrypted without the user's password.

    Turns out, this was a backdoor, not a bug.

    Today, I am releasing the full details of the xpass exploit, aka the "backdoor master key".

    forum.hashpwn.net/post/11116

    #solflare #crypto #wallet #vulnerability #exploit #backdoor #xpass #cyclone #hashpwn #news #infosec #cybersecurity

  30. Cisco Catalyst SD-WAN CVSS 10.0 zero-day (CVE-2026-20127) has been actively exploited, with attackers gaining admin access.

    Full technical breakdown: forum.hashpwn.net/post/10802

    #cisco #sdwan #cvss10 #cve202620127 #exploit #cybersecurity #infosec #news #hashpwn