In this video, we review the discovery and exploit development process for CVE-2020-7209 - a remote command injection vulnerability in HP's LinuxKi project.
A comment for YT algo :D
Super awesome methodology. It's like automating CVE discovery! Genius!
You deserve more subscribers, great job
Great content!!! Very educational!!! I am wondering if you can make a video explaining what are the steps to learn zero-day vulnerabilities.
Good video. Doing OSWE now and it gives me an insight on how to document my steps.
Oh thank you bro! Nice tools!
You have amazing voice 😍, I have a feeling that telling me that you should be famous in this field, work hard as much as you can
great info :D can you tell me how much time on avg does it take for you to discover a zero day like you've shown in the video???? also do you have any tips when starting to hunt 0day in the wild?
I'm sorry for taking so long to respond. It really depends on the app, sometimes I've found them within an hour, sometimes it took me a day or so after initially investigating. Especially when you consider the skill requirement for certain binary vulnerabilities, it can really take a lot of time to develop a working POC. The important part is hunting for bugs, whether you ultimately find one or not isn't important, just looking for them in the first place is IMO. Best of luck to you my friend!
Hmm awesome.
Do you talk to your mother with that voice?
So basically a zero day is any cve before you make it a cve?
Sorta but not exactly. Definitions vary, but generally the term "zero-day" comes from the fact that once a vulnerability has been discovered and an exploit developed for it, the vendor has had zero days to patch or fix it before attackers are able to take advantage of it. If the developer knows about a vulnerability, but hasn't released a patch yet, we typically refer to them as "N-day".
@cwinfosec I see, thank you. So to put it in a very simplistic way: let's say I find an RCE/SQLi in a software (SuperFive); many companies around the world use SuperFive. Now I can just hack any SuperFive user because they don't know about my discovery, unless I tell the world about it, and to make it more effective, I made a Python script that will do my manual steps automatically.
Long time
Great Content, but why was your voice shaking?
Throw away your backspace, man. It is making your life so sad.