Analyzing Microsoft Zero-Day Exploit (CVE-2021-40444)

Показать описание

In this video we are looking at the brand new zero-day exploit for CVE-2021-40444, we understand the attack chain and deobfuscate some exploit code.

Samples:

00:00 Intro
00:46 Dynamic analysis
08:37 Static analysis
10:58 Deobfuscation
19:00 Analyzing exploit
22:52 Infection chain
27:45 Final payload
31:30 Summary

#cve-2021-40444 #zeroday #malware #infosec #reverseengineering

Malfind Labs

Рекомендации по теме

Комментарии

Straight to the point, Awesome analysis!

itsnee

Great analysis. Looking forward for more!

clipper

good explanation, nice audio quality and analysis sharing the Deobfuscation code and where to download the sample malware is cool as well! Information Sharing!

mysteryhogs

Excellent work on simplifying the analysis!

garaldo

Very Nicely Explained.. Thanks for Sharing Sir

anandsinghdhouni

Omg. Please show us how you animate yourself in that south park style.

Ltbnary

what an awesome demonstration, nicely done! 😻

_CryptoCat

Excellent! Could you do some more vid on zero-day exploits!

eagle

this is quality content :)
can you post some resource for reading about structure and rendering of docx files

duckie

Holy Cr*p, how did you synchronize your ANIMATED mouth correctly to the SPEECH? (Sorry, the explanation of the attack chain is also good :) )

kanamung

Wow. Nice! Thank you. By the way, what do you use for making the talking avatar in your videos?

roboedar

Great video, how did you manage to compile file to call out?

dano

Can you please show how to reproduce this ?

chhatrapalsinhzala

Sir please make a video on how to exploit Open port services using CVE 🙂.

xxehacker

Sorry, I'm learning how to analyze cve now.
And I choose cve-2021-40444 as my first practice, but i have trouble with building environment.
I downloaded sample from you provided link above in my Win10 VM but I couldn't open .
It show me that I can't unzip this file.
Could you tell me how to do?
Thanks!!!!
Your video help me a lot!

kwiuekf

Please can you share for payload generating?

lakshmikumar

Hi, thanks for the great video!
Can you please tell me how did you menage to make your ubuntu machine intercept the windows's box http connections, any blog, link or anything that may help is appreciated, thanks.

hakim

Was there something that was in the script to prevent you from commenting out the check function or even just the shift part of it?

jamiekomodo

my boy have an Bulgarian or (Eastern European) accent :)

sharebt

why send and configure a payload like a reverse tcp when you can hidden with a crypter a simple trojan that works much better and have the full control of device?

youtubee

Analyzing Microsoft Zero-Day Exploit (CVE-2021-40444)

Analyzing Microsoft Zero-Day Exploit (CVE-2021-40444)

Microsoft MSHTML Zero Day Exploit POC In summary! - (CVE 2021 40444)

New Microsoft MSHTML Zero-Day Exploit (CVE-2021-40444) POC - Analysis with Process Monitor

Analyze, Reverse and Exploit CVE-2021-40444

0day explication. this is short tutorial for CVE-2021-40444.

[DEMO] CVE-2021-40444 - 0day MS Office Word Malicious MSHTML RCE

CVE-2021-40444 exploit POC - A Forensic Analysis

Microsoft MSHTML Remote Code Execution Vulnerability | POC | 0-day | CVE-2021-40444

New MSWORD Vulnerability! (CVE-2021-40444)

[EXPLOIT DEMO] CVE-2021-40444 Microsoft MSHTML Remote Code Execution Vulnerabity

CVE-2021-40444 attack

Simple Analysis Of A CVE-2021-40444 .docx Document

MSHTML Exploit with Bryson Medlock at the ConnnectWise CRU. CVE-2021-40444

CVE-2021-40444 patch bypass 0.5day exploit fullchain

Adobe CVE-2021-28550 Zero Day Exploit

Demo cve-2021-40444

0patching CVE-2021-40444

CVE-2021-40444. 0Day

Testing OSArmor with CVE-2021-40444 (MS Office Exploit)

Office CVE-2021-40444 remote code execution native builder

Microsoft Word 0-day CVE-2021–40444 - Weaponised

Remote code execution [Microsoft office CVE-2021-40444]

Microsoft MSHTML (CVE 2021 40444) Exploit with Metasploit for Remote Code Execution

CVE-2021-40444: почему это важно