Video yükleniyor...

Video Yüklenemedi

Ana Sayfaya Dön

The MOVEit Transfer exploitation is not just SQL injection(👀) We uncovered the very last stage of the attack chain to drop human2.aspx ultimately ends up gaining remote code execution ‼ We fully recreated the attack chain with a demo achieving a reverse shell & ransomware!

236,667 görüntüleme • 3 yıl önce •via X (Twitter)

9 Yorum

John Hammond profil fotoğrafı
John Hammond3 yıl önce

Check out all that we've been digging into:

Peter M profil fotoğrafı
Peter M3 yıl önce

Awesome work. If you can share, approximately how many research hours were required to recreate this? I think it's important for people to understand that an attack chain like this really requires a lot of time to understand even though a blog post/video seems "easy".

Thomas Roccia 🤘 profil fotoğrafı
Thomas Roccia 🤘3 yıl önce

Very well-done folks!! 👌

Night_Wa1ker profil fotoğrafı
Night_Wa1ker3 yıl önce

John Hammond does it again.

Kevin O profil fotoğrafı
Kevin O3 yıl önce

The remote code execution is scary but why is SQL injection still a thing in 2023? We know how to prevent it and have done for years.

Roozbeh Kavian profil fotoğrafı
Roozbeh Kavian3 yıl önce

I think the targets got so wide they decided their focus on stealing data rather than ransom

Drew profil fotoğrafı
Drew3 yıl önce

Thanks for all the outstanding work!

Luca Barbetti profil fotoğrafı
Luca Barbetti3 yıl önce

Congratulations, excellent work! 👏👏👏👏 Thank you

Brute Bee profil fotoğrafı
Brute Bee3 yıl önce

So you are behind Cl0p then this whole time!!..

Benzer Videolar