Загрузка видео...

Не удалось загрузить видео

Возникла проблема при загрузке этого видео. Это может быть связано с временными проблемами сети или видео может быть недоступно.

На главную

The MOVEit Transfer exploitation is not just SQL injection(👀) We uncovered the very last stage of the attack chain to drop human2.aspx ultimately ends up gaining remote code execution ‼ We fully recreated the attack chain with a demo achieving a reverse shell & ransomware!

John Hammond

319,859 subscribers

236,636 просмотров • 3 лет назад •via X (Twitter)

Наука и технологии Новости и политика

Anya Rossi• Live Now

Private livecam show

Комментарии: 9

Фото профиля John Hammond

John Hammond3 лет назад

Check out all that we've been digging into:

Фото профиля Peter M

Peter M3 лет назад

Awesome work. If you can share, approximately how many research hours were required to recreate this? I think it's important for people to understand that an attack chain like this really requires a lot of time to understand even though a blog post/video seems "easy".

Фото профиля Thomas Roccia 🤘

Thomas Roccia 🤘3 лет назад

Very well-done folks!! 👌

Фото профиля Night_Wa1ker

Night_Wa1ker3 лет назад

John Hammond does it again.

Фото профиля Kevin O

Kevin O3 лет назад

The remote code execution is scary but why is SQL injection still a thing in 2023? We know how to prevent it and have done for years.

Фото профиля Roozbeh Kavian

Roozbeh Kavian3 лет назад

I think the targets got so wide they decided their focus on stealing data rather than ransom

Фото профиля Drew

Drew3 лет назад

Thanks for all the outstanding work!

Фото профиля Luca Barbetti

Luca Barbetti3 лет назад

Congratulations, excellent work! 👏👏👏👏 Thank you

Фото профиля Brute Bee

Brute Bee3 лет назад

So you are behind Cl0p then this whole time!!..

Похожие видео

"I think MegaETH has demonstrated that we walk the talk." "We did a stress test last year, 40,000 TPS continuously blasting the chain. It works beautifully." "We say the chain is fast. The chain turned out to be really fast." — Shuyao Kong, co-founder of MegaETH

"I think MegaETH has demonstrated that we walk the talk." "We did a stress test last year, 40,000 TPS continuously blasting the chain. It works beautifully." "We say the chain is fast. The chain turned out to be really fast." — Shuyao Kong, co-founder of MegaETH

The Rollup

55,648 просмотров • 1 месяц назад

SQLi just got much easier with Burp AI! 🤯 Watch Ben Sadeghipour demonstrate 👀 Burp AI doesn't just find the SQL injection, it automates the entire process: 👉 Determines column count. 👉 Extracts database and table names. 👉 Launches the full exploit to dump data! 💥 Stop worrying about manual steps and let AI handle the full attack chain 👇

SQLi just got much easier with Burp AI! 🤯 Watch Ben Sadeghipour demonstrate 👀 Burp AI doesn't just find the SQL injection, it automates the entire process: 👉 Determines column count. 👉 Extracts database and table names. 👉 Launches the full exploit to dump data! 💥 Stop worrying about manual steps and let AI handle the full attack chain 👇

Web Security Academy

11,029 просмотров • 7 месяцев назад

An obscure feature in Super Mario Maker 2 is "Chain Chomp Stack Solidarity". A Chain Chomp will attack other Chain Chomps, but will refuse to harm those it was stacked with. Even if the stack is completely separated, the Chain Chomp will remember its friends and not harm them.

An obscure feature in Super Mario Maker 2 is "Chain Chomp Stack Solidarity". A Chain Chomp will attack other Chain Chomps, but will refuse to harm those it was stacked with. Even if the stack is completely separated, the Chain Chomp will remember its friends and not harm them.

Supper Mario Broth

125,705 просмотров • 1 год назад

BNB Chain This is DeepFlow, the first Vibe-Coding tool on BNB Chain. The video below is an example of developing a token transfer tool on the BNB Chain. DeepFlow enables zero-code creation of various Web3 applications and smart contracts, unleashing your creativity in the BNB Chain ecosystem.

BNB Chain This is DeepFlow, the first Vibe-Coding tool on BNB Chain. The video below is an example of developing a token transfer tool on the BNB Chain. DeepFlow enables zero-code creation of various Web3 applications and smart contracts, unleashing your creativity in the BNB Chain ecosystem.

DeepFlow

70,196 просмотров • 1 год назад

Can AI chain tools together to complete complex tasks in real-time? Gemini 2.0 can. Here's a React demo using the new Multimodal Live API to chain code execution + real-time Google Search. I'm amazed at how fast this is.

Can AI chain tools together to complete complex tasks in real-time? Gemini 2.0 can. Here's a React demo using the new Multimodal Live API to chain code execution + real-time Google Search. I'm amazed at how fast this is.

Addy Osmani

17,782 просмотров • 1 год назад

.Vice President JD Vance: "If the Iranians attack us, they're going to be met with overwhelming force ... We did not attack the nation of Iran. We did not attack any civilian targets. We didn't even attack military targets outside of the three nuclear weapons facilities."

.Vice President JD Vance: "If the Iranians attack us, they're going to be met with overwhelming force ... We did not attack the nation of Iran. We did not attack any civilian targets. We didn't even attack military targets outside of the three nuclear weapons facilities."

Rapid Response 47

1,853,045 просмотров • 11 месяцев назад

“Is there a market that we Yoruba people go to where we buy things very very cheap? Is there a farm that we go to where we are not afraid that herdsmen are going to attack us? Is there a filling station where we buy fuel for N100 per liter? You just talk about the incompetence of the govt, because the govt of the day is a Yoruba person, you see all Yoruba people coming to your comment section to attack you.” ~Yoruba man asks Yoruba bigots important questions

“Is there a market that we Yoruba people go to where we buy things very very cheap? Is there a farm that we go to where we are not afraid that herdsmen are going to attack us? Is there a filling station where we buy fuel for N100 per liter? You just talk about the incompetence of the govt, because the govt of the day is a Yoruba person, you see all Yoruba people coming to your comment section to attack you.” ~Yoruba man asks Yoruba bigots important questions

Dr. Kenon

11,456 просмотров • 22 дней назад

“We need to be looking higher up the chain, than people with a blue badge. End of.” #BBUK #BBLL

“We need to be looking higher up the chain, than people with a blue badge. End of.” #BBUK #BBLL

putasinghonit

371,264 просмотров • 8 месяцев назад

Today is the anniversary of the Lindt Cafe Siege, a terror attack very similar to Bondi shootings. But sadly, the similarity in government response means we may see another. What we need this time is decisiveness and willingness to address the perpetrators, not just the means.

Today is the anniversary of the Lindt Cafe Siege, a terror attack very similar to Bondi shootings. But sadly, the similarity in government response means we may see another. What we need this time is decisiveness and willingness to address the perpetrators, not just the means.

auspill

20,258 просмотров • 5 месяцев назад

Introducing Bitlight RLN, the first product-ready desktop client that brings RGB asset issuance and transfer to the Lightning Network. We are making programmable Bitcoin assets instant, cheap, and real. Issue assets. Open RGB channels. Transfer instantly over Lightning. Settle on-chain. Not a testnet demo. Not a proof of concept. A real product. Watch the full walkthrough.

Introducing Bitlight RLN, the first product-ready desktop client that brings RGB asset issuance and transfer to the Lightning Network. We are making programmable Bitcoin assets instant, cheap, and real. Issue assets. Open RGB channels. Transfer instantly over Lightning. Settle on-chain. Not a testnet demo. Not a proof of concept. A real product. Watch the full walkthrough.

Bitlight Labs⚡️

52,932 просмотров • 2 месяцев назад

Social security is not under attack. Medicare is not under attack. Veteran benefits are not under attack. But our very existence as a nation has been under attack by dirty, greedy, lazy politicians and bureaucrats who have chained us to $36 trillion in debt. You are under attack and you have been under attack by your own federal government. We must reduce our debt and I proudly stand with President Trump, Elon Musk, and the DOGE efforts to reduce the size of the federal government. The people sent a mandate and we are going to stand up for the American worker and American companies with tariffs. We will return order to America and defeat the globalists. Thank you to President Trump for standing up for us, the American people!

Social security is not under attack. Medicare is not under attack. Veteran benefits are not under attack. But our very existence as a nation has been under attack by dirty, greedy, lazy politicians and bureaucrats who have chained us to $36 trillion in debt. You are under attack and you have been under attack by your own federal government. We must reduce our debt and I proudly stand with President Trump, Elon Musk, and the DOGE efforts to reduce the size of the federal government. The people sent a mandate and we are going to stand up for the American worker and American companies with tariffs. We will return order to America and defeat the globalists. Thank you to President Trump for standing up for us, the American people!

Former Congresswoman Marjorie Taylor Greene🇺🇸

299,451 просмотров • 1 год назад

Meet Josefina ❤️ Rescued from a life on a chain, this blind 14yr old mastin has just arrived to GDS with Lara. Lara cut the chain. The good news is we might be able to help her as her blindness is caused by neglect and not a genetic factor. Of course the galgueros love their dogs tho 😡 Update soon. We do hope a home is out there for her last year or so of her life 🙏🏻

Meet Josefina ❤️ Rescued from a life on a chain, this blind 14yr old mastin has just arrived to GDS with Lara. Lara cut the chain. The good news is we might be able to help her as her blindness is caused by neglect and not a genetic factor. Of course the galgueros love their dogs tho 😡 Update soon. We do hope a home is out there for her last year or so of her life 🙏🏻

Galgos del Sol

16,943 просмотров • 5 месяцев назад

FRONTRUN 🏃‍♂️ They said don't front run the market. We built the market to front run itself. My first long-form generative art collection... fully On-chain, animated, living on Ethereum forever. Every mint is a head start written on-chain. A few get to run first. Repost + drop your EVM wallet below, picking from the comments. You're not early. You're just front running.

FRONTRUN 🏃‍♂️ They said don't front run the market. We built the market to front run itself. My first long-form generative art collection... fully On-chain, animated, living on Ethereum forever. Every mint is a head start written on-chain. A few get to run first. Repost + drop your EVM wallet below, picking from the comments. You're not early. You're just front running.

Solemn

12,395 просмотров • 4 дней назад

"Chain Dynamics" of GBA Enterprises | Embark on a journey through the heart of Guangdong's manufacturing revolution, where traditional industries are embracing digitalization with a unique "chain-style transformation." From the industrial internet platform of home appliance titan Midea to the intelligent cloud services tailored for the textile industry, Guangdong is leading the way in a digital revolution that is not just about technology but about the deep integration of the entire industrial supply chain. Join us as we explore how #Guangdong is pioneering "#chain-style transformation". 薛剑XueJian

"Chain Dynamics" of GBA Enterprises | Embark on a journey through the heart of Guangdong's manufacturing revolution, where traditional industries are embracing digitalization with a unique "chain-style transformation." From the industrial internet platform of home appliance titan Midea to the intelligent cloud services tailored for the textile industry, Guangdong is leading the way in a digital revolution that is not just about technology but about the deep integration of the entire industrial supply chain. Join us as we explore how #Guangdong is pioneering "#chain-style transformation". 薛剑XueJian

Glocal

105,765 просмотров • 1 год назад

On the right we attack ideas. On the left they attack people. Its a very different mindset.

On the right we attack ideas. On the left they attack people. Its a very different mindset.

TheLizVariant

21,643 просмотров • 4 месяцев назад

We can all agree on one thing: The trenches don't want to miss a runner - regardless of the chain they're trenching on. So we made a solution, for the trenches. Introducing "Multi-Chain Deploy": Deploy up to 50 coins across $SOL & $BNB at once, only with uDev.

We can all agree on one thing: The trenches don't want to miss a runner - regardless of the chain they're trenching on. So we made a solution, for the trenches. Introducing "Multi-Chain Deploy": Deploy up to 50 coins across $SOL & $BNB at once, only with uDev.

uxento

110,027 просмотров • 8 месяцев назад

🚨 Hezbollah's Deputy Chairman of the Political Council, Mahmoud Qomati, in a TV interview last night: Hezbollah is on the border and not on the border - like ghosts. We have not started yet. Hezbollah's patience is running out, but we will not abandon the strategy of patience in the face of enemy provocations. We will not give up the weapons. We will not give up the resistance. We will not allow Lebanon to be abandoned. We need Iran. It does not need us. Israel is too cowardly to attack Iran.

🚨 Hezbollah's Deputy Chairman of the Political Council, Mahmoud Qomati, in a TV interview last night: Hezbollah is on the border and not on the border - like ghosts. We have not started yet. Hezbollah's patience is running out, but we will not abandon the strategy of patience in the face of enemy provocations. We will not give up the weapons. We will not give up the resistance. We will not allow Lebanon to be abandoned. We need Iran. It does not need us. Israel is too cowardly to attack Iran.

Raylan Givens

43,378 просмотров • 5 месяцев назад

Meet Megahop. He just found a book that’s a little too real, but the last page is missing. Is it the end of the road? Grab WL → Introduce Megahop Supply : 3333 Price : Fully FREE MINT Chain MegaETH Follow + RT + Drop your EVM Wallet👇

Meet Megahop. He just found a book that’s a little too real, but the last page is missing. Is it the end of the road? Grab WL → Introduce Megahop Supply : 3333 Price : Fully FREE MINT Chain MegaETH Follow + RT + Drop your EVM Wallet👇

Mega Hop

38,646 просмотров • 3 месяцев назад

Ink Chain, Kraken's blockchain, is now live on OpenSea. To celebrate the launch, we collaborated with ink to drop a free commemorative NFT. Mint link in the next Tweet! 👇

Ink Chain, Kraken's blockchain, is now live on OpenSea. To celebrate the launch, we collaborated with ink to drop a free commemorative NFT. Mint link in the next Tweet! 👇

OpenSea

293,041 просмотров • 4 месяцев назад

We are unlocking something big 🔥 With Nexera Chain now live on mainnet, we’re bringing a completely new experience to the market, one that lowers the barrier to ZERO and opens the door to anyone wanting to enter tokenization. No blockchain knowledge. No dev skills. Just an idea and a simple AI prompt. From that prompt, you instantly get a fully functional landing page and a tokenized marketplace. All powered by Nexera Chain. This changes everything. It means Web2 creators, companies, and entrepreneurs can now launch tokenized products and markets without ever touching a line of code. This is how Nexera Chain will drive real adoption. This is how we onboard the next wave of TVL. This is how we turn curious users into real builders. We're not just enabling new use cases. We're creating a new standard. Nexera Chain is here. And it's about to get wild. $NXRA 🚀

We are unlocking something big 🔥 With Nexera Chain now live on mainnet, we’re bringing a completely new experience to the market, one that lowers the barrier to ZERO and opens the door to anyone wanting to enter tokenization. No blockchain knowledge. No dev skills. Just an idea and a simple AI prompt. From that prompt, you instantly get a fully functional landing page and a tokenized marketplace. All powered by Nexera Chain. This changes everything. It means Web2 creators, companies, and entrepreneurs can now launch tokenized products and markets without ever touching a line of code. This is how Nexera Chain will drive real adoption. This is how we onboard the next wave of TVL. This is how we turn curious users into real builders. We're not just enabling new use cases. We're creating a new standard. Nexera Chain is here. And it's about to get wild. $NXRA 🚀

Nexera

32,046 просмотров • 10 месяцев назад