How Microsoft Accidentally Backdoored 270 MILLION Users
252.7 هزار بار بازدید -
3 ساعت پیش
-
Try SquareX for free today!
Try SquareX for free today! 👉 sqrx.io/dbv2_yt
In this video, we take a deep dive into the Microsoft Teams RCE (remote code execution) exploit chain, discovered by bug hunter Masato Kinugawa. This exploit chain consists of cross-site scripting (XSS), prototype pollution, and a sandbox escape within the desktop application framework Electron. Whether you're a pen tester, security researcher, or cyber security expert, having a solid foundation in web and desktop technologies, as well as JavaScript, prototypes, and APIs are crucial.
JOIN THE DISCORD! 👉 discord.gg/WYqqp7DXbm
0:00 - Overview
0:46 - Electron
2:30 - Entry Point + Chain Architecture
3:25 - Cross-site Scripting (XSS)
6:53 - Prototype Pollution
11:10 - Sandbox Escape
13:26 - SquareX
Masato Kinugawa's report:
speakerdeck.com/masatokinugawa/how-i-hacked-micros…
AngularJS RegEx:
github.com/angular/angular.js/blob/47bf11ee9466436…
SquareX socials:
Twitter: twitter.com/getsquarex
LinkedIn: www.linkedin.com/company/getsquarex/
Instagram: www.instagram.com/getsquarex/
Facebook: www.facebook.com/getsquarex
Blog: labs.sqrx.com/
MUSIC CREDITS:
LEMMiNO - Cipher
• LEMMiNO - Cipher (BGM)
CC BY-SA 4.0
LEMMiNO - Firecracker
• LEMMiNO - Firecracker (BGM)
CC BY-SA 4.0
LEMMiNO - Nocturnal
• LEMMiNO - Nocturnal (BGM)
CC BY-SA 4.0
LEMMiNO - Siberian
• LEMMiNO - Siberian (BGM)
CC BY-SA 4.0
LEMMiNO - Encounters
• LEMMiNO - Encounters (BGM)
CC BY-SA 4.0
#programming #software #softwareengineering #computerscience #code #programminglanguage #softwaredevelopment #hacking #hack #cybersecurity #exploit #tracking #softwareengineer #vulnerability #pentesting #privacy #spyware #malware #cyber #cyberattack #bugbounties #ethicalhacking #encoding #lowlevelsecurity #zeroday #zero-day #bugbounty #security #cybersecurity #breaches #databreaches #bug #bugbounty #pentesting #penetrationtesting #backdoor #javascript #XSS #crosssitescripting #web #webdev #electron #HTML #hacked #BeFearlessOnline #SquareX #Befearless&SecureOnline #Cybersecurity #Privacy #Security #Cybersec
3 ساعت پیش
در تاریخ 1403/07/08 منتشر شده
است.
252,712
بـار بازدید شده