正在加载视频...
视频加载失败
The MOVEit Transfer exploitation is not just SQL injection(👀) We uncovered the very last stage of the attack chain to drop human2.aspx ultimately ends up gaining remote code execution ‼ We fully recreated the attack chain with a demo achieving a reverse shell & ransomware!
9 条评论

John Hammond3 年前
Check out all that we've been digging into:

Peter M3 年前
Awesome work. If you can share, approximately how many research hours were required to recreate this? I think it's important for people to understand that an attack chain like this really requires a lot of time to understand even though a blog post/video seems "easy".

Thomas Roccia 🤘3 年前
Very well-done folks!! 👌

Night_Wa1ker3 年前
John Hammond does it again.

Kevin O3 年前
The remote code execution is scary but why is SQL injection still a thing in 2023? We know how to prevent it and have done for years.

Roozbeh Kavian3 年前
I think the targets got so wide they decided their focus on stealing data rather than ransom

Drew3 年前
Thanks for all the outstanding work!

Luca Barbetti3 年前
Congratulations, excellent work! 👏👏👏👏 Thank you

Brute Bee3 年前
So you are behind Cl0p then this whole time!!..

