How Microsoft Accidentally Backdoored 270 MILLION Users

Try SquareX for free today! 👉 sqrx.io/dbv2_yt In this video, we take a deep dive into the Microsoft Teams RCE (remote code execution) exploit chain, discovered by bug hunter Masato Kinugawa. This exploit chain consists of cross-site scripting (XSS), prototype pollution, and a sandbox escape within the desktop application framework Electron. Whether you're a pen tester, security researcher, or cyber security expert, having a solid foundation in web and desktop technologies, as well as JavaScript, prototypes, and APIs are crucial. JOIN THE DISCORD! 👉 discord.gg/WYqqp7DXbm 0:00 - Overview 0:46 - Electron 2:30 - Entry Point + Chain Architecture 3:25 - Cross-site Scripting (XSS) 6:53 - Prototype Pollution 11:10 - Sandbox Escape 13:26 - SquareX Masato Kinugawa's report: speakerdeck.com/masatokinugawa/how-i-hacked-micros… AngularJS RegEx: github.com/angular/angular.js/blob/47bf11ee9466436… SquareX socials: Twitter: twitter.com/getsquarex LinkedIn: www.linkedin.com/company/getsquarex/ Instagram: www.instagram.com/getsquarex/ Facebook: www.facebook.com/getsquarex Blog: labs.sqrx.com/ MUSIC CREDITS: LEMMiNO - Cipher    • LEMMiNO - Cipher (BGM)   CC BY-SA 4.0 LEMMiNO - Firecracker    • LEMMiNO - Firecracker (BGM)   CC BY-SA 4.0 LEMMiNO - Nocturnal    • LEMMiNO - Nocturnal (BGM)   CC BY-SA 4.0 LEMMiNO - Siberian    • LEMMiNO - Siberian (BGM)   CC BY-SA 4.0 LEMMiNO - Encounters    • LEMMiNO - Encounters (BGM)   CC BY-SA 4.0 #programming #software #softwareengineering #computerscience #code #programminglanguage #softwaredevelopment #hacking #hack #cybersecurity #exploit #tracking #softwareengineer #vulnerability #pentesting #privacy #spyware #malware #cyber #cyberattack #bugbounties #ethicalhacking #encoding #lowlevelsecurity #zeroday #zero-day #bugbounty #security #cybersecurity #breaches #databreaches #bug #bugbounty #pentesting #penetrationtesting #backdoor #javascript #XSS #crosssitescripting #web #webdev #electron #HTML #hacked #BeFearlessOnline #SquareX #Befearless&SecureOnline #Cybersecurity #Privacy #Security #Cybersec

• #
• #programming
• #software
• #softwareengineering
• #computerscience
• #code
• #programminglanguage
• #softwaredevelopment
• #hacking
• #hack
• #cybersecurity
• #exploit
• #tracking
• #softwareengineer
• #vulnerability
• #pentesting
• #privacy
• #spyware
• #malware
• #cyber
• #cyberattack
• #bugbounties
• #ethicalhacking
• #encoding
• #lowlevelsecurity
• #zeroday
• #zero_day
• #bugbounty
• #security
• #cyber_security
• #breaches
• #data_breaches
• #bug
• #bug_bounty
• #pen_testing
• #penetration_testing
• #backdoor
• #javascript
• #xss
• #cross_site_scripting
• #web
• #webdev
• #electron
• #html
• #hacked