🔗 Link for everything: github.com/archanchoudhury/MSDT_CVE-2022-30190
In this episode I have explained Follina, the MSDT exploit, which has been numbered CVE-2022-30190. I have tried to cover it from every angle: timeline, history, demo, mitigation and detection strategies. The bug is a Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability reported by crazyman of the Shadow Chaser Group. Microsoft is now tracking it as CVE-2022-30190. The flaw impacts all Windows versions still receiving security updates (Windows 7+ and Server 2008+).
As security researcher nao_sec found, it is used by threat actors to execute malicious PowerShell commands via MSDT in what Redmond describes as Arbitrary Code Execution (ACE) attacks when opening or previewing Word documents.
"An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application," Microsoft explains.
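A minimal detection for the chain described above (an Office document causing MSDT to run), written as an added example that is not from the video or its repository. The event field names, the Office images other than Word, and the sample records are constructed assumptions.

```python
import ntpath

# Assumption: Office parents worth flagging; the page itself only names Word.
OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
TARGET_IMAGE = "msdt.exe"

# Constructed process-creation records (hypothetical field names, loosely
# modelled on what an EDR or Sysmon process-create event carries).
SAMPLE_EVENTS = [
    {"pid": 900, "ppid": 700, "image": r"C:\Windows\explorer.exe"},
    {"pid": 4120, "ppid": 900, "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"pid": 5332, "ppid": 4120, "image": r"C:\Windows\System32\msdt.exe"},  # Word -> msdt
    {"pid": 4300, "ppid": 900, "image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"},
    {"pid": 4410, "ppid": 4300, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 4522, "ppid": 4410, "image": r"C:\Windows\System32\msdt.exe"},  # Excel -> cmd -> msdt
    {"pid": 6001, "ppid": 900, "image": r"C:\Windows\System32\msdt.exe"},   # user-launched troubleshooter
]

def image_name(path):
    """Lower-cased file name of a Windows image path (works on any OS)."""
    return ntpath.basename(path).lower()

def office_ancestor(event, by_pid, max_depth=8):
    """Walk parent links and return the nearest Office ancestor, or None."""
    seen = set()
    current = by_pid.get(event["ppid"])
    while current and current["pid"] not in seen and len(seen) < max_depth:
        if image_name(current["image"]) in OFFICE_IMAGES:
            return current
        seen.add(current["pid"])  # guards against loops in malformed data
        current = by_pid.get(current["ppid"])
    return None

def find_office_msdt(events):
    """Return one alert per msdt.exe launch that descends from an Office app."""
    # PIDs are reused on real hosts; key on a process GUID or (pid, start time) there.
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if image_name(e["image"]) != TARGET_IMAGE:
            continue
        parent = office_ancestor(e, by_pid)
        if parent:
            alerts.append({"msdt_pid": e["pid"], "office_pid": parent["pid"],
                           "office_image": image_name(parent["image"])})
    return alerts

if __name__ == "__main__":
    for alert in find_office_msdt(SAMPLE_EVENTS):
        print("ALERT: msdt.exe descends from Office process:", alert)
```

The msdt.exe launched from explorer.exe in the sample data is left alone, which keeps ordinary troubleshooter use out of the alert queue.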
Thanks Archan..
Appreciate how you collated all the data❤️
Thank you!
Please tell me the exact Windows version affected by this and where I can get it to test; I must do it for my university assignment 😥😥
Very insightful vid thanks
Thank you for the feedback
Excellent work there!!
Thank you! Cheers!
Thank you, best video
Thank you for the feedback
What is the password for the file?
infected
Please send me the doc file password; without it we can't go forward
Which doc you are referring to?
to zero to to 🤣🤣
Two zero two two! Lol
What is the password to unzip 05-2002-0438.doc.zip? I tried kali, Kali, Password, password, admin, admin, root, Root, Toor, toor; all are failing
For all samples it's standard always: infected
@BlackPerl Thanks
Same, what is the password?
Because without opening the doc file we can't go forward
Please send password