Follina- MSDT Exploit- CVE2022-30190 Explained with Detection and Mitigation
In this episode I explain Follina, the MSDT exploit tracked as CVE-2022-30190, covering its timeline, history, a demo, mitigation and detection strategies. The bug is a Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability reported by crazyman of the Shadow Chaser Group. Microsoft is now tracking it as CVE-2022-30190. The flaw impacts all Windows versions still receiving security updates (Windows 7+ and Server 2008+).
As security researcher nao_sec found, threat actors use it to execute malicious PowerShell commands via MSDT when a victim opens or previews a Word document, in what Redmond describes as Arbitrary Code Execution (ACE) attacks.
"An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application," Microsoft explains.
🔗LINK FOR everything- github.com/archanchoudhury/MSDT_CVE-2022-30190
WATCH BELOW Playlists as well, if you want to make your career in DFIR and Security Operations!!
-------------------------------------------------------------------------------------------------------------------------
INCIDENT RESPONSE TRAINING Full Course 👉 • BlackPerl DFIR || INC...
DFIR Free Tools and Techniques 👉 • BlackPerl DFIR || DFIR...
Windows and Memory Forensics 👉 • BlackPerl DFIR || Wind...
Malware Analysis 👉 • BlackPerl DFIR || Malw...
SIEM Tutorial 👉 • BlackPerl DFIR || Lear...
Threat Hunt & Threat Intelligence 👉 • BlackPerl DFIR || Thre...
Threat Hunt with Jupyter Notebook👉 • Threat Hunt with Jupyt...
📞📲
FOLLOW ME EVERYWHERE-
-------------------------------------------------------------------------------------------------------------------------
✔ LinkedIn: / blackperl
✔ You can reach out to me personally in LinkedIn as well- bit.ly/38ze4L5
✔ Twitter: @blackperl_dfir
✔ Git: github.com/archanchoudhury
✔ Insta: (blackperl_dfir) / blackperl_dfir
✔ Can be reached via support@blackperldfir.com
Comments: 22
Thanks Archan.. Appreciate how you collated all the data❤️
@BlackPerl
2 years ago
Thank you!
Excellent work there!!
@BlackPerl
2 years ago
Thank you! Cheers!
Very insightful vid thanks
@BlackPerl
2 years ago
Thank you for the feedback
Thank you best video
@BlackPerl
2 years ago
Thank you for the feedback
Please tell me the exact Windows version affected by this, and where I can get it to test for my university assignment; I must do it 😥😥
What is the password for the file?
@BlackPerl
2 years ago
infected
Please send me the doc file password; without it we can't go forward.
@BlackPerl
1 year ago
Which doc are you referring to?
to zero to to 🤣🤣
@BlackPerl
2 years ago
Two zero two two! Lol
What is the password to unzip 05-2002-0438.doc.zip? I tried kali, Kali, Password, password, admin, Admin, root, Root, Toor, toor; all are failing.
@BlackPerl
2 years ago
For all samples it's always the standard one, infected
@siviwentanjana524
2 years ago
@BlackPerl Thanks
@nigamgandhi3509
1 year ago
Same, what is the password?
@nigamgandhi3509
1 year ago
Because without opening the doc file we can't go forward.
@nigamgandhi3509
1 year ago
Please send password