#hashpwn — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #hashpwn, aggregated by home.social.
-
YellowKey: BitLocker Bypass or Backdoor
YellowKey, tracked as CVE-2026-45585, is a public BitLocker bypass that abuses WinRE/recovery-path behavior to expose a protected volume without the Windows password, recovery key, or AES cracking.
At the time of this post, the author’s GitHub and original YellowKey repo appear to be down.
Read more: https://forum.hashpwn.net/post/13339
#BitLocker #YellowKey #CVE202645585 #CyberSecurity #InfoSec #WindowsSecurity #TPM #FullDiskEncryption #hack #exploit #news #hashpwn
-
YellowKey: BitLocker Bypass or Backdoor
YellowKey, tracked as CVE-2026-45585, is a public BitLocker bypass that abuses WinRE/recovery-path behavior to expose a protected volume without the Windows password, recovery key, or AES cracking.
At the time of this post, the author’s GitHub and original YellowKey repo appear to be down.
Read more: https://forum.hashpwn.net/post/13339
#BitLocker #YellowKey #CVE202645585 #CyberSecurity #InfoSec #WindowsSecurity #TPM #FullDiskEncryption #hack #exploit #news #hashpwn
-
YellowKey: BitLocker Bypass or Backdoor
YellowKey, tracked as CVE-2026-45585, is a public BitLocker bypass that abuses WinRE/recovery-path behavior to expose a protected volume without the Windows password, recovery key, or AES cracking.
At the time of this post, the author’s GitHub and original YellowKey repo appear to be down.
Read more: https://forum.hashpwn.net/post/13339
#BitLocker #YellowKey #CVE202645585 #CyberSecurity #InfoSec #WindowsSecurity #TPM #FullDiskEncryption #hack #exploit #news #hashpwn
-
YellowKey: BitLocker Bypass or Backdoor
YellowKey, tracked as CVE-2026-45585, is a public BitLocker bypass that abuses WinRE/recovery-path behavior to expose a protected volume without the Windows password, recovery key, or AES cracking.
At the time of this post, the author’s GitHub and original YellowKey repo appear to be down.
Read more: https://forum.hashpwn.net/post/13339
#BitLocker #YellowKey #CVE202645585 #CyberSecurity #InfoSec #WindowsSecurity #TPM #FullDiskEncryption #hack #exploit #news #hashpwn
-
Spider v1.0.0 released.
Spider is not just another web crawler -- it is a purpose-built wordlist and ngram processor for hash cracking workflows.
URL Mode:
Point it at a URL and Spider crawls the target, extracts words, and generates frequency-sorted wordlists and/or ngrams.But, Spider does not stop at web crawling...
File Mode:
Feed it local files and it brings the same word-processing engine to your own datasets, scraped content, notes, dumps, configs, or any other plaintext source you want to turn into a targeted wordlist or ngram set.More info:
https://forum.hashpwn.net/post/52#spider #webcrawler #wordlist #generator #sort #ngram #cyclone #hashpwn #hashcracking
-
Spider v1.0.0 released.
Spider is not just another web crawler -- it is a purpose-built wordlist and ngram processor for hash cracking workflows.
URL Mode:
Point it at a URL and Spider crawls the target, extracts words, and generates frequency-sorted wordlists and/or ngrams.But, Spider does not stop at web crawling...
File Mode:
Feed it local files and it brings the same word-processing engine to your own datasets, scraped content, notes, dumps, configs, or any other plaintext source you want to turn into a targeted wordlist or ngram set.More info:
https://forum.hashpwn.net/post/52#spider #webcrawler #wordlist #generator #sort #ngram #cyclone #hashpwn #hashcracking
-
Spider v1.0.0 released.
Spider is not just another web crawler -- it is a purpose-built wordlist and ngram processor for hash cracking workflows.
URL Mode:
Point it at a URL and Spider crawls the target, extracts words, and generates frequency-sorted wordlists and/or ngrams.But, Spider does not stop at web crawling...
File Mode:
Feed it local files and it brings the same word-processing engine to your own datasets, scraped content, notes, dumps, configs, or any other plaintext source you want to turn into a targeted wordlist or ngram set.More info:
https://forum.hashpwn.net/post/52#spider #webcrawler #wordlist #generator #sort #ngram #cyclone #hashpwn #hashcracking
-
Spider v1.0.0 released.
Spider is not just another web crawler -- it is a purpose-built wordlist and ngram processor for hash cracking workflows.
URL Mode:
Point it at a URL and Spider crawls the target, extracts words, and generates frequency-sorted wordlists and/or ngrams.But, Spider does not stop at web crawling...
File Mode:
Feed it local files and it brings the same word-processing engine to your own datasets, scraped content, notes, dumps, configs, or any other plaintext source you want to turn into a targeted wordlist or ngram set.More info:
https://forum.hashpwn.net/post/52#spider #webcrawler #wordlist #generator #sort #ngram #cyclone #hashpwn #hashcracking
-
Spider v1.0.0 released.
Spider is not just another web crawler -- it is a purpose-built wordlist and ngram processor for hash cracking workflows.
URL Mode:
Point it at a URL and Spider crawls the target, extracts words, and generates frequency-sorted wordlists and/or ngrams.But, Spider does not stop at web crawling...
File Mode:
Feed it local files and it brings the same word-processing engine to your own datasets, scraped content, notes, dumps, configs, or any other plaintext source you want to turn into a targeted wordlist or ngram set.More info:
https://forum.hashpwn.net/post/52#spider #webcrawler #wordlist #generator #sort #ngram #cyclone #hashpwn #hashcracking
-
Copy Fail (CVE-2026-31431) is a Linux kernel LPE that gives root access on every major linux distro.
All that is needed is local shell access and a few lines of python.
https://forum.hashpwn.net/post/12727
#cybersecurity #copyfail #linux #exploit #cve202631431 #hashpwn
-
Copy Fail (CVE-2026-31431) is a Linux kernel LPE that gives root access on every major linux distro.
All that is needed is local shell access and a few lines of python.
https://forum.hashpwn.net/post/12727
#cybersecurity #copyfail #linux #exploit #cve202631431 #hashpwn
-
Copy Fail (CVE-2026-31431) is a Linux kernel LPE that gives root access on every major linux distro.
All that is needed is local shell access and a few lines of python.
https://forum.hashpwn.net/post/12727
#cybersecurity #copyfail #linux #exploit #cve202631431 #hashpwn
-
Copy Fail (CVE-2026-31431) is a Linux kernel LPE that gives root access on every major linux distro.
All that is needed is local shell access and a few lines of python.
https://forum.hashpwn.net/post/12727
#cybersecurity #copyfail #linux #exploit #cve202631431 #hashpwn
-
Copy Fail (CVE-2026-31431) is a Linux kernel LPE that gives root access on every major linux distro.
All that is needed is local shell access and a few lines of python.
https://forum.hashpwn.net/post/12727
#cybersecurity #copyfail #linux #exploit #cve202631431 #hashpwn
-
Released: hashgen v1.3.0
New in this version:
* HMAC modes
* PBKDF2 modes
* scrypt support
* additional BLAKE2 modes
* hashcat UTF-16LE modes
* optimized salt RNG on salted hashes
* 95+ supported hash modes -
Released: hashgen v1.3.0
New in this version:
* HMAC modes
* PBKDF2 modes
* scrypt support
* additional BLAKE2 modes
* hashcat UTF-16LE modes
* optimized salt RNG on salted hashes
* 95+ supported hash modes -
Released: hashgen v1.3.0
New in this version:
* HMAC modes
* PBKDF2 modes
* scrypt support
* additional BLAKE2 modes
* hashcat UTF-16LE modes
* optimized salt RNG on salted hashes
* 95+ supported hash modes -
Released: hashgen v1.3.0
New in this version:
* HMAC modes
* PBKDF2 modes
* scrypt support
* additional BLAKE2 modes
* hashcat UTF-16LE modes
* optimized salt RNG on salted hashes
* 95+ supported hash modes -
Storm-1175 is hitting orgs with chained zero-days and dropping Medusa ransomware in under 24 hours.
Full write-up: https://forum.hashpwn.net/post/12014
#cybersecurity #storm1175 #zeroday #medusa #ransomeware #windows #news #hashpwn
-
Storm-1175 is hitting orgs with chained zero-days and dropping Medusa ransomware in under 24 hours.
Full write-up: https://forum.hashpwn.net/post/12014
#cybersecurity #storm1175 #zeroday #medusa #ransomeware #windows #news #hashpwn
-
Storm-1175 is hitting orgs with chained zero-days and dropping Medusa ransomware in under 24 hours.
Full write-up: https://forum.hashpwn.net/post/12014
#cybersecurity #storm1175 #zeroday #medusa #ransomeware #windows #news #hashpwn
-
Storm-1175 is hitting orgs with chained zero-days and dropping Medusa ransomware in under 24 hours.
Full write-up: https://forum.hashpwn.net/post/12014
#cybersecurity #storm1175 #zeroday #medusa #ransomeware #windows #news #hashpwn
-
Storm-1175 is hitting orgs with chained zero-days and dropping Medusa ransomware in under 24 hours.
Full write-up: https://forum.hashpwn.net/post/12014
#cybersecurity #storm1175 #zeroday #medusa #ransomeware #windows #news #hashpwn
-
Congrats to HashMob for winning Crack the Con 2026!
1. #HashMob Lite
2. #PizzaPlannet
3. #hash_meltdown -
Congrats to HashMob for winning Crack the Con 2026!
1. #HashMob Lite
2. #PizzaPlannet
3. #hash_meltdown -
Congrats to HashMob for winning Crack the Con 2026!
1. #HashMob Lite
2. #PizzaPlannet
3. #hash_meltdown -
Congrats to HashMob for winning Crack the Con 2026!
1. #HashMob Lite
2. #PizzaPlannet
3. #hash_meltdown -
Crack the Con 2026 launched this morning!
https://forum.hashpwn.net/post/11778
#ctc #crackthecon #CypherCon #hashcracking #contest #hashpwn #cybersecurity #infosec
-
Crack the Con 2026 launched this morning!
https://forum.hashpwn.net/post/11778
#ctc #crackthecon #CypherCon #hashcracking #contest #hashpwn #cybersecurity #infosec
-
Crack the Con 2026 launched this morning!
https://forum.hashpwn.net/post/11778
#ctc #crackthecon #CypherCon #hashcracking #contest #hashpwn #cybersecurity #infosec
-
Crack the Con 2026 launched this morning!
https://forum.hashpwn.net/post/11778
#ctc #crackthecon #CypherCon #hashcracking #contest #hashpwn #cybersecurity #infosec
-
Crack the Con 2026 launched this morning!
https://forum.hashpwn.net/post/11778
#ctc #crackthecon #CypherCon #hashcracking #contest #hashpwn #cybersecurity #infosec
-
Released pcfg-go — a full Go rewrite of pcfg_cracker with ~3× faster training, ~40× faster guessing, $HEX[] and multi-byte support, improved trainer parsing...
Full Details: https://forum.hashpwn.net/post/11277
#pcfg #hashcracking #trainer #guesser #wordlist #generator #hashcat #hashpwn
-
Released pcfg-go — a full Go rewrite of pcfg_cracker with ~3× faster training, ~40× faster guessing, $HEX[] and multi-byte support, improved trainer parsing...
Full Details: https://forum.hashpwn.net/post/11277
#pcfg #hashcracking #trainer #guesser #wordlist #generator #hashcat #hashpwn
-
Released pcfg-go — a full Go rewrite of pcfg_cracker with ~3× faster training, ~40× faster guessing, $HEX[] and multi-byte support, improved trainer parsing...
Full Details: https://forum.hashpwn.net/post/11277
#pcfg #hashcracking #trainer #guesser #wordlist #generator #hashcat #hashpwn
-
Released pcfg-go — a full Go rewrite of pcfg_cracker with ~3× faster training, ~40× faster guessing, $HEX[] and multi-byte support, improved trainer parsing...
Full Details: https://forum.hashpwn.net/post/11277
#pcfg #hashcracking #trainer #guesser #wordlist #generator #hashcat #hashpwn
-
Released pcfg-go — a full Go rewrite of pcfg_cracker with ~3× faster training, ~40× faster guessing, $HEX[] and multi-byte support, improved trainer parsing...
Full Details: https://forum.hashpwn.net/post/11277
#pcfg #hashcracking #trainer #guesser #wordlist #generator #hashcat #hashpwn
-
CsP’s @Waffle_Real just released a new tool called hashpipe, and it solves a problem many of us run into with large potfiles: messy, misidentified hash:password entries.
hashpipe automatically validates founds by recomputing them, identifying the correct algorithm, and outputting verified results in an mdxfind format.
If you maintain large cracking datasets or potfiles, this is a great way to verify and clean them up.
Details:
https://forum.hashpwn.net/post/11119GitHub repo:
https://github.com/Cynosureprime/hashpipe#hashcracking #hashcat #jtr #hashpipe #CsP #cynosureprime #potfile #hashpwn
-
CsP’s @Waffle_Real just released a new tool called hashpipe, and it solves a problem many of us run into with large potfiles: messy, misidentified hash:password entries.
hashpipe automatically validates founds by recomputing them, identifying the correct algorithm, and outputting verified results in an mdxfind format.
If you maintain large cracking datasets or potfiles, this is a great way to verify and clean them up.
Details:
https://forum.hashpwn.net/post/11119GitHub repo:
https://github.com/Cynosureprime/hashpipe#hashcracking #hashcat #jtr #hashpipe #CsP #cynosureprime #potfile #hashpwn
-
CsP’s @Waffle_Real just released a new tool called hashpipe, and it solves a problem many of us run into with large potfiles: messy, misidentified hash:password entries.
hashpipe automatically validates founds by recomputing them, identifying the correct algorithm, and outputting verified results in an mdxfind format.
If you maintain large cracking datasets or potfiles, this is a great way to verify and clean them up.
Details:
https://forum.hashpwn.net/post/11119GitHub repo:
https://github.com/Cynosureprime/hashpipe#hashcracking #hashcat #jtr #hashpipe #CsP #cynosureprime #potfile #hashpwn
-
CsP’s @Waffle_Real just released a new tool called hashpipe, and it solves a problem many of us run into with large potfiles: messy, misidentified hash:password entries.
hashpipe automatically validates founds by recomputing them, identifying the correct algorithm, and outputting verified results in an mdxfind format.
If you maintain large cracking datasets or potfiles, this is a great way to verify and clean them up.
Details:
https://forum.hashpwn.net/post/11119GitHub repo:
https://github.com/Cynosureprime/hashpipe#hashcracking #hashcat #jtr #hashpipe #CsP #cynosureprime #potfile #hashpwn
-
CsP’s @Waffle_Real just released a new tool called hashpipe, and it solves a problem many of us run into with large potfiles: messy, misidentified hash:password entries.
hashpipe automatically validates founds by recomputing them, identifying the correct algorithm, and outputting verified results in an mdxfind format.
If you maintain large cracking datasets or potfiles, this is a great way to verify and clean them up.
Details:
https://forum.hashpwn.net/post/11119GitHub repo:
https://github.com/Cynosureprime/hashpipe#hashcracking #hashcat #jtr #hashpipe #CsP #cynosureprime #potfile #hashpwn
-
Update: Solflare “xpass exploit" Details Released
In Feb 2025, I reported an exploit vulnerability in the Solflare Chrome wallet which allowed the wallet vault (solflaredata) to be decrypted without the user's password.
Turns out, this was a backdoor, not a bug.
Today, I am releasing the full details of the xpass exploit, aka the "backdoor master key".
https://forum.hashpwn.net/post/11116
#solflare #crypto #wallet #vulnerability #exploit #backdoor #xpass #cyclone #hashpwn #news #infosec #cybersecurity
-
Cisco Catalyst SD-WAN CVSS 10.0 zero-day (CVE-2026-20127) has been actively exploited, with attackers gaining admin access.
Full technical breakdown: https://forum.hashpwn.net/post/10802
#cisco #sdwan #cvss10 #cve202620127 #exploit #cybersecurity #infosec #news #hashpwn
-
New release: guarda_pwn
Tool to decrypt and recover Guarda crypto wallets.
Details: https://forum.hashpwn.net/post/10799
#guarda #wallet #crypto #recovery #seedphrase #infosec #hashpwn
-
New release: guarda_pwn
Tool to decrypt and recover Guarda crypto wallets.
Details: https://forum.hashpwn.net/post/10799
#guarda #wallet #crypto #recovery #seedphrase #infosec #hashpwn