Published On Feb 17, 2024
Try SquareX for free today! 👉 https://sqrx.io/dbv2_yt
In this video, we take a deep dive into the Microsoft Teams RCE (remote code execution) exploit chain discovered by bug hunter Masato Kinugawa. The chain consists of cross-site scripting (XSS), prototype pollution, and a sandbox escape within the desktop application framework Electron. Whether you're a pen tester, security researcher, or cyber security expert, a solid foundation in web and desktop technologies, as well as JavaScript, prototypes, and APIs, is crucial.
0:00 - Overview
0:46 - Electron
2:30 - Entry Point + Chain Architecture
3:25 - Cross-site Scripting (XSS)
6:53 - Prototype Pollution
11:10 - Sandbox Escape
13:26 - SquareX
Masato Kinugawa's report:
https://speakerdeck.com/masatokinugaw...
AngularJS RegEx:
https://github.com/angular/angular.js...
SquareX socials:
Blog: https://labs.sqrx.com/
MUSIC CREDITS:
LEMMiNO - Cipher (CC BY-SA 4.0)
LEMMiNO - Firecracker (CC BY-SA 4.0)
LEMMiNO - Nocturnal (CC BY-SA 4.0)
LEMMiNO - Siberian (CC BY-SA 4.0)
LEMMiNO - Encounters (CC BY-SA 4.0)