Finding Zero-days With Github
Рет қаралды 7,216
Күн бұрынIn this video, we review the discovery and exploit development process for CVE-2020-7209 - a remote command injection vulnerability in HP's LinuxKi project.
@TalsonHacks 3 жыл бұрын
A comment for YT algo :D
@InfiniteLogins 3 жыл бұрын
Super awesome methodology. It's like automating CVE discovery! Genius!
@CustomDabber360 2 жыл бұрын
Do you talk to your mother with that voice?
@000t9 2 жыл бұрын
Oh thank you bro! Nice tools!
@TechieGanesh Жыл бұрын
great info :D can you tell me how much time on avg does it take for you to discover a zero day like you've shown in the video???? also do you have any tips when starting to hunt 0day in the wild?
@cwinfosec 10 ай бұрын
I'm sorry for taking so long to respond. It really depends on the app, sometimes I've found them within an hour, sometimes it took me a day or so after initially investigating. Especially when you consider the skill requirement for certain binary vulnerabilities, it can really take a lot of time to develop a working POC. The important part is hunting for bugs, whether you ultimately find one or not isn't important, just looking for them in the first place is IMO. Best of luck to you my friend!
@alociousco. 2 ай бұрын
I would love to learn all this stuff, please keep making this content!! Subscribed!
@user-dw9tx5sp2z7 10 ай бұрын
Throwaway your backspace man. It is making your life so sad
@cocplayer9511 3 жыл бұрын
You deserve more subscribers, great job
@mahdimix5468 2 жыл бұрын
You have amazing voice 😍, I have a feeling that telling me that you should be famous in this field, work hard as much as you can
@adalbertoguerra8402 2 жыл бұрын
Great content.!!! Very educational.!!! I am wondering if you can make a video explaining what are the steps to learn zero-day vulnerabilities.
@crash4o4 Жыл бұрын
Good video doing oswe now and gives me a insight on how to document my steps.
@MygenteTV 8 ай бұрын
So basically a zero day is any cve before you make it a cve?
@cwinfosec 8 ай бұрын
Sorta but not exactly. Definitions vary, but generally the term "zero-day" comes from the fact that once a vulnerability has been discovered and an exploit developed for it, the vendor has had zero days to patch or fix it before attackers are able take advantage of it. If the developer knows about a vulnerability, but hasn't released a patch yet we typically refer to them as "N-day"
@MygenteTV 8 ай бұрын
@@cwinfosec I see, Thank you. So to put it in a very simplistic way. Let's say I find a RCE/sqli in a software(SuperFive) many companies around the world use SuperFive. Now I can just hack any SuperFive user because they don't know about my discovery, unless I tell the world about and to make it more effective, I made a python script that will do my manual steps in auto
@taiquangong9912 Жыл бұрын
Long time
@audiobook890 3 жыл бұрын
Hmm awesome.
@samsepi0101 3 жыл бұрын
Great Content, but why was your voice shaking?
حرف إبداعية للمنزل في 5 دقائق
Рет қаралды 38 МЛН
NahamSec
Рет қаралды 6 М.