Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   Microsoft 37GB source code leaked? (https://forum.exetools.com/showthread.php?t=20121)

WhoCares 03-22-2022 20:48

Microsoft 37GB source code leaked?
 
lol

Lapsus$ hackers leak 37GB of Microsoft's alleged source code.

No URL yet

quote:

The notorious hacking group Lapsus$ appears to have successfully breached and leaked the source code for several Microsoft projects including bing, Cortana from the company's internal Azure DevOps server.

The hacktivist gang posted a screenshot to their Telegram channel early Sunday morning, March 20, claiming they hacked the software giant's internal servers that contained source code for Bing, Cortana, and various other projects. The following day, the group posted a torrent for a 9GB zipped archive containing the source code of over 250 projects allegedly belonging to Microsoft.

p4r4d0x 03-22-2022 21:03

And Vodafone is Next

DARKER 03-22-2022 21:24

Code:

https://www.bleepingcomputer.com/news/microsoft/lapsus-hackers-leak-37gb-of-microsofts-alleged-source-code/

DavidXanatos 03-22-2022 22:28

nice... but still waiting for the full windows 11 source code leak... given how anti consumer MSFT is recently it would be a well deserved one.

PS: if you need the torrent just google their telegram its there very prominently placed

WhoCares 03-22-2022 23:03

yes I found their TG. thx

magnet:?xt=urn:btih:BFCFBC5E631A309271C8773BD6781C1BD63B4387


DEV-0537 criminal actor targeting organizations for data exfiltration and destruction
https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/


Quote:

Originally Posted by DavidXanatos (Post 125041)
nice... but still waiting for the full windows 11 source code leak... given how anti consumer MSFT is recently it would be a well deserved one.

PS: if you need the torrent just google their telegram its there very prominently placed


atom0s 03-24-2022 02:51

The group said the torrent includes:

Quote:

Leak of some Bing, Bing Maps and Cortana source code - Bing Maps is 90% complete dump, Bind and Cortana around 45%

sh3dow 03-24-2022 03:28

When these guys stop this bullshit and release the whole files? all their releases are nearly worthless, incomplete and lack the good parts. Who really care about Bing Maps and Cortana source code?

Even this leak feels it lack the good parts of Bing and Cortana
Here a Tree listing [restricted to only directories max 3 levels deep] for the curious of you
https://pastebin.com/raw/qg5Y4cia

FoxB 03-24-2022 14:08

this leak have any certificates?

Platform--Secrets-- CodeSign
Platform--private--SignPlatform
CoXDataMining--Certificate

sh3dow 03-25-2022 06:01

Quote:

Platform--Secrets-- CodeSign
Code:

`-- CodeSign
|      |-- CloudSignAadAccess.cer
|      |-- CloudSignAadAccess.pfx.qencr
|      `-- CloudSignAadKey.dat

Quote:

Platform--private--SignPlatform
No certs, probably they didn't want them to be leaked and want them for private use.

Code:

|-- private
|  |-- SignPlatform
|  |  `-- makecat.proj
|  |-- cache.config
|  |-- dirs.proj
|  `-- packages
|      |-- PacmanBranchSpecificSettings.txt
|      `-- packages.ini


Quote:

CoXDataMining--Certificate
Code:

|-- CoXDataMining
|  |-- Certificate
|  |  |-- TestCertificate.ps1
|  |  |-- coxreporting.phx.gbl.cer
|  |  |-- coxreporting.phx.gbl.pfx
|  |  `-- privateKeyPassword.txt

and similar folder
Code:

|-- CoXDataMining\ (1)
|  |-- Certificate
|  |  |-- TestCertificate.ps1
|  |  |-- coxreporting.phx.gbl.cer
|  |  |-- coxreporting.phx.gbl.pfx
|  |  `-- privateKeyPassword.txt

The full tree listing are here, it's to big to paste in pastebin (20mb)
It contains the whole hierarchy of folders and files in the leak
hxxps://www.mediafire.com/file/1wfezr4fseq10g3/MS-leak-full-tree.txt/file

WhoCares 03-25-2022 11:01

British police say seven people arrested following series of hacks by Lapsus$ group

JMP-JECXZ 03-25-2022 22:50

7 teenagers have been arrested in connection to LAPSUS$
https://www.bbc.co.uk/news/technology-60864283

bolo2002 03-26-2022 00:18

"...The boy's father told the BBC his family was concerned and was trying to keep him away from his computers..."
but it's the same for every father,mother since decades :)

atom0s 03-26-2022 03:13

The group put out a message on their Telegram this morning. Looks like the people arrested are potentially all fakes claiming to be part of the group but actually aren't. Hard to say if it's entirely true for all of them arrested, but their message leans that way:

Code:

https://i.imgur.com/wYcStn4.png

Bidasci 05-30-2022 06:49

don't know if people still want to download this but I downloaded the leak when it was first made available, I split the folder into two parts and the download can be viewed here:
Code:

hxxps://filecrypt.cc/Container/72EAA69F33.html
Full folder directory can be viewed here as well:
Code:

hxxps://cpaste.org/?a22ceffb98bc26a5#7eQ9tfZkyNxX7qpGSAhv8JyXXRS1uBgWHTJFeSLtni8y
SHA-256 Checksum of part1 & part2 rar's:
Code:

Name: Microsoft Source Code Leak 2022.part01.rar
SHA256: 0A592C6EEC0DE884853814F78D6A88AA5145AE21C15FF1AFE06DF3DBACFE9064
Name: Microsoft Source Code Leak 2022.part02.rar
SHA256: AF6B354004FCCFEEFB07D43D132DF313A3646F4B2874AB2A77ADB056DD58BB34


Shub-Nigurrath 05-30-2022 18:56

rather than downloading, I am wondering which types of conclusions, pieces of evidence or gems people found inside. It's a mess of code and I imagine a lot of ppl already dug inside .. A discussion on this would be interesting!

thanks


All times are GMT +8. The time now is 23:12.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX