Hackers Are Exploiting Critical Vulnerabilities in File Transfer Software
- Published 5 Oct 2024
- proton.me/john || Get privacy by default with Proton, stop other companies from exploiting your data, and keep yourself safe during security research! You can get started with Proton for free at proton.me/john
PS -- play my CTF! huntress.ctf.g...
Free Cybersecurity Education and Ethical Hacking
I got a “fetch the flag ctf” ad of you at the start of the video. I thought it was just the video and didn’t even realize it was a separate ad
This is hysterical and I am also sorry 😂
Thank you John! Always appreciate you taking the time to explain and sharing your insightful knowledge with us all
I just clicked on your video and I got an ad from Snyk and you are speaking
By far the most interesting part is the rat race between AMSI and the specific formatting and obfuscation of the payloads...
Man I'm loving videos like this. You bring us through each step and explain your thought process, even though it's a rather simple deobfuscation thing, it's super valuable for people that never did any of this (like me)!
That was weird, I had an ad with John Hammond before the video started so I thought the video had started but I had the skip ad thing 😂
Why is an FTP server allowing PowerShell commands at all?
I just got a YouTube ad for this 20:21 with John doing the ad read
Plz continue on hved exploitation on windows kernel plz ❤
but proton mail just hit by html vulnerability. and they fixed. tag and some manipulation.
nice 👍 video
For the malicious IP you tried to curl... do you think the bad actor could be whitelisting IP ranges or excluding VPN IP ranges?
using proton since a few months now, it's awesome
Hey John, why don't u start merch, I really love your t-shirts, they're very inspiring ^ ^
👍 great video
Thank you for the breakdown.
I can't wait for Mr. Hammond to exploit my Homelab one day 😘
Forgive my possibly ignorant question, but why are people re-implementing file transfer software? We have dozens of proven solutions that haven't had massive vulnerabilities. What does the Progress company add to their software that other less vulnerable applications don't offer? It seems like these tools, both the tool behind the moveit vuln and this tool, are bad re-implementations or bad wrappers around otherwise secure software.
A
@@funil6871 Yep, and I'm guilty of that too, but for goodness sake, it feels like some projects are beyond the skill of the involved developers. This is an example of what happens when people fail to acknowledge the edges of their understanding. I've considered implementing the TLS standard in Rust as a learning project, but there's no way on earth I would think about publishing it as anything other than a toy implementation.
I've been wondering this as well, same goes with general chat applications and some of the tried-and-true functions baked into many OS these days. I'm all for innovation, just don't understand why reinventing the wheel is needed if holes like this are being discovered. Then again, I am probably nowhere near as knowledgeable in this area as some of the commenters.
@@raging666 chat applications are a fantastic example. What happened to good old XMPP? That is an open protocol that supports encryption. We should have just stuck with that.
Progress AKA Telerik makes a ton of tools for developers (like Kendo). So I'm thinking they branched out so that their tools can work better with different technologies. I'm not a fan of any Telerik products, but I've had to work with them because many companies use them. But many people do like their products.
@John Hammond how can i get in contact with you?
Hi bro can you help me some scammers stolen my funds...can you trace or recover my funds please
How much did they steal from you 😢
@@kimmysmith577 232603$
@@kimmysmith577 so many people take upfront fee and cheat me
Thanks John for sharing khatarnak😅 info ...
Please John is SRA a Scam or Real
Good Video 👍
Decent.
good vid
3 number comment 27 number like 285 number viewer in 7 minute 😅😊
First comment (almost)
Forced ads. Automatic down vote
Get the sponsorblock extension and wait a bit before watching. No one will care how early you commented 500 years from now.
Use Brave lol
If you can't figure out how to watch YouTube without ads then you're probably not part of the target audience.
Hint: you can block them at the application layer (browser extension) or at network layer (DNS sinkhole). You will never know they even existed. 😉
@@johndeaux8815 assuming a browser.... What a dumb@ss
@@robertlemonsjr and another browser boy..... Probably on Pc too..... Yeh right