Zyxel Backdoor & A Known Plaintext Attack

preview_player
Показать описание
In this video I discuss a recent finding where an undocumented admin-user account was found in Zyxel security products, accessible over SSH and via the web. As such, I showcase a simple technique called a 'Known Plaintext Attack' which can help enable you to analyse this Zyxel device firmware.

LINKS / BLOGS
============

TOOLS
======

FOLLOW
======

THANKS
=======
If you LIKED this video, please hit the THUMBS UP. If you LOVED it, please SUBSCRIBE!

Many thanks for watching, it means a lot.

Peace out. ✌️
@cybercdh
  1. cybercdh
  2. zyxel
  3. malware
  4. backdoor
  5. firmware
  6. known plaintext attack
Рекомендации по теме
Zyxel Backdoor & 0:17:26

Zyxel Backdoor & A Known Plaintext Attack

#WeekendWisdom 061 Zyxel 0:01:35

#WeekendWisdom 061 Zyxel Backdoor

Zyxel Backdoor Discovery 0:16:27

Zyxel Backdoor Discovery

Xycel Backdoor Again 0:07:59

Xycel Backdoor Again

Secret User Account 0:11:33

Secret User Account in Zyxel Products| AT&T ThreatTraq

Your Router Might 0:12:49

Your Router Might be Spying on You (ZYXEL!?!?!?) Here Are A Few Things You COULD Do About It

Optrics Insider - 0:14:15

Optrics Insider - Checkpoint SSL VPN Cert Expired, Undocumented Zyxel Backdoor & Solarwinds Upda...

Hackers are using 0:01:55

Hackers are using unknown user accounts to target Zyxel firewalls and VPNs

New Vulnerabilities Found 0:01:00

New Vulnerabilities Found in Zyxel Firewalls, CISA Directs Immediate Patching

DEF CON 30 0:26:35

DEF CON 30 - Jay Lagorio - Tear Down this Zywall: Breaking Open Zyxel Encrypted Firmware

Chinese wireless routers 0:05:33

Chinese wireless routers are 'dangerous'. Should you get one?

Zyxel SecuReporter - 0:00:42

Zyxel SecuReporter - Identifying Abnormal Behavior by User Aware

Jan 6th, 2021 0:12:11

Jan 6th, 2021 Practitioner Brief Live, NSA guidance, Zyxel Backdoor, Solarwinds update & more

DISCONNECT YOUR D-LINK 0:07:14

DISCONNECT YOUR D-LINK NAS FROM THE INTERNET NOW! (Hard Coded Vulnerability Discovered)

Cyber News: Gigabyte 0:14:49

Cyber News: Gigabyte Motherboard Backdoor, Toyota Breach Again, Zyxel Active Exploit & More News

New Vulnerabilities Found 0:01:38

New Vulnerabilities Found in Zyxel Firewalls, CISA Directs Immediate Patching

50k$, um Passwörter 0:06:43

50k$, um Passwörter nicht weiterzugeben? 🤡 || HACKS DER WOCHE #53 – Ticketmaster, Solarwinds, Zyxel...

Zyxel Firewalls Vulnerable 0:01:47

Zyxel Firewalls Vulnerable to Critical Flaw Allowing Remote Command Execution

Threat actors were 0:22:39

Threat actors were able to see Microsoft source code repositories. Zyxel closes a backdoor. Kawasak

Zyxel NAS - 0:02:02

Zyxel NAS - RCE Vulnerability - CVE-2022-34747 - Firmware Patch

Watch Out ! 0:01:39

Watch Out ! Hackers Begin Exploiting Recent Zyxel Firewalls 🤯RCE Vulnerability 🤔

zyxel firewall unauth 0:02:39

zyxel firewall unauth remote code execution 2022 | CVE-2022-30525

ZYXEL | Webinar: 0:49:02

ZYXEL | Webinar: Tech Talk - Implement your Remote Security using Secure WiFi (02-08-2022)

6/5/2024 *sigh* why 0:01:15

6/5/2024 *sigh* why do government agencies thinkbackdoors are secure?!

Комментарии
Автор

I didn't even know our country had this advanced of a cybersecurity company, good to know!

NetherFX
Автор

You are one of the few people who really get me excited for reverse engineering and binary analysis of real world applications and software !
Keep up the good work. Thank you for being awesome :)

harshvaragiya
Автор

very interesting, thank you very much Colin!

marcohiltebrand
Автор

Wonderfully presented! I really dig your videos, thanks for sharing!

HackOvert
Автор

You are working bizarely hard it seems. I hope you are doing well. NIce weekend anyways ^__^

Tarquin
Автор

Thanks for the video. What is the point of uploading the firmware on the website and protects the content with a password? If they dont want anyone to access the contents of the file, why dont they just keep the firmware offline? Maybe a good question for them.

jaylal
Автор

Damn, the size of your brain man, geeez
I'm looking into getting into Cybersecurity from 10 years of field work as an SME and now in Corporate/government IT support. Fairly knowledgeable already I am, but you bemused and lost about 4 minutes into your video...

Dammit

produKtNZ
welcome to shbcf.ru