In this video, we review the discovery and exploit development process for CVE-2020-7209 - a remote command injection vulnerability in HP's LinuxKi project.
Пікірлер: 18
@TalsonHacks3 жыл бұрын
A comment for YT algo :D
@InfiniteLogins3 жыл бұрын
Super awesome methodology. It's like automating CVE discovery! Genius!
@CustomDabber3602 жыл бұрын
Do you talk to your mother with that voice?
@000t92 жыл бұрын
Oh thank you bro! Nice tools!
@TechieGanesh Жыл бұрын
great info :D can you tell me how much time on avg does it take for you to discover a zero day like you've shown in the video???? also do you have any tips when starting to hunt 0day in the wild?
@cwinfosec10 ай бұрын
I'm sorry for taking so long to respond. It really depends on the app, sometimes I've found them within an hour, sometimes it took me a day or so after initially investigating. Especially when you consider the skill requirement for certain binary vulnerabilities, it can really take a lot of time to develop a working POC. The important part is hunting for bugs, whether you ultimately find one or not isn't important, just looking for them in the first place is IMO. Best of luck to you my friend!
@alociousco.2 ай бұрын
I would love to learn all this stuff, please keep making this content!! Subscribed!
@user-dw9tx5sp2z710 ай бұрын
Throwaway your backspace man. It is making your life so sad
@cocplayer95113 жыл бұрын
You deserve more subscribers, great job
@mahdimix54682 жыл бұрын
You have amazing voice 😍, I have a feeling that telling me that you should be famous in this field, work hard as much as you can
@adalbertoguerra84022 жыл бұрын
Great content.!!! Very educational.!!! I am wondering if you can make a video explaining what are the steps to learn zero-day vulnerabilities.
@crash4o4 Жыл бұрын
Good video doing oswe now and gives me a insight on how to document my steps.
@MygenteTV8 ай бұрын
So basically a zero day is any cve before you make it a cve?
@cwinfosec8 ай бұрын
Sorta but not exactly. Definitions vary, but generally the term "zero-day" comes from the fact that once a vulnerability has been discovered and an exploit developed for it, the vendor has had zero days to patch or fix it before attackers are able take advantage of it. If the developer knows about a vulnerability, but hasn't released a patch yet we typically refer to them as "N-day"
@MygenteTV8 ай бұрын
@@cwinfosec I see, Thank you. So to put it in a very simplistic way. Let's say I find a RCE/sqli in a software(SuperFive) many companies around the world use SuperFive. Now I can just hack any SuperFive user because they don't know about my discovery, unless I tell the world about and to make it more effective, I made a python script that will do my manual steps in auto