How Microsoft Accidentally Backdoored 270 MILLION Users
Daniel Boctor
253,099 views

Published on Feb 17, 2024

Try SquareX for free today! 👉 https://sqrx.io/dbv2_yt

In this video, we take a deep dive into the Microsoft Teams RCE (remote code execution) exploit chain discovered by bug hunter Masato Kinugawa. The chain consists of cross-site scripting (XSS), prototype pollution, and a sandbox escape within the desktop application framework Electron. Whether you're a pen tester, security researcher, or cyber security expert, a solid foundation in web and desktop technologies, as well as in JavaScript, prototypes, and APIs, is crucial.


0:00 - Overview
0:46 - Electron
2:30 - Entry Point + Chain Architecture
3:25 - Cross-site Scripting (XSS)
6:53 - Prototype Pollution
11:10 - Sandbox Escape
13:26 - SquareX

Masato Kinugawa's report:
https://speakerdeck.com/masatokinugaw...

AngularJS RegEx:
https://github.com/angular/angular.js...


SquareX blog: https://labs.sqrx.com/

MUSIC CREDITS:
LEMMiNO - Cipher (CC BY-SA 4.0)
LEMMiNO - Firecracker (CC BY-SA 4.0)
LEMMiNO - Nocturnal (CC BY-SA 4.0)
LEMMiNO - Siberian (CC BY-SA 4.0)
LEMMiNO - Encounters (CC BY-SA 4.0)
