The Hacker who could turn on ANYONE'S Zoom Camera [Zero-Day]

preview_player
Показать описание
In this video, we take a deep dive into a high severity Zoom SQL injection vulnerability, which allowed attackers to enable a victims webcam and microphone without their permission. This vulnerability was exploited by taking advantage of dependencies between back-end systems and the SQLite database engine. Whether you're a pen tester, security researcher, or cyber security expert, having a solid foundation in character encoding schemes, especially when it comes to SQL, is critical.

0:00 - Overview
1:06- Reverse Engineering
4:40- SQLite
5:32 - Attack Vector
8:27 - Encoding (ASCII, Unicode, UTF-8)
11:45 - Exploit

Original report by Keegan Ryan

MUSIC CREDITS:
LEMMiNO - Cipher
CC BY-SA 4.0

LEMMiNO - Firecracker
CC BY-SA 4.0

LEMMiNO - Nocturnal
CC BY-SA 4.0

LEMMiNO - Siberian
CC BY-SA 4.0

#programming #software #softwareengineering #computerscience #code #programminglanguage #softwaredevelopment #hacking #hack #cybersecurity #exploit #tracking #softwareengineer #vulnerability #pentesting #privacy #spyware #malware #cyber #cyberattack #bugbounties #ethicalhacking #lowlevelsecurity #zeroday #zeroday #cybersecurityexplained #bugbounty #SQL #injection #SQLinjection #unicode #ASCII #UTF8 #encoding #breach #SQLbreach #SQLite #databaseinjection #Zoom #Linux #localSQL
  1. Daniel Boctor
  2. programming
  3. software
  4. software engineering
  5. computer science
  6. code
Рекомендации по теме
The Hacker who 0:14:17

The Hacker who could turn on ANYONE'S Zoom Camera [Zero-Day]

If Roblox Was 0:00:25

If Roblox Was In 1988...

This Hacker Saved 0:00:58

This Hacker Saved the Internet

Fake hacker vs 0:00:25

Fake hacker vs real hacker #roblox #shorts

Capabilities of Hackers, 0:18:16

Capabilities of Hackers, Tools Hackers use, and 5 Things You Can Do To Protect Yourself

Make Yourself Look 0:00:12

Make Yourself Look Like A Professional Hacker

Top 10 Countries 0:00:29

Top 10 Countries With Most Powerful Hacker In The World. #shorts

The Seven People 0:06:15

The Seven People Who Can Turn Off the Internet

Hack The Box: 0:00:31

Hack The Box: Synced VIP challenge

The HACKER's Laptop 0:00:50

The HACKER's Laptop #shorts

Hacker Explains 5 0:00:39

Hacker Explains 5 Simple Things To Protect Yourself From Cyber Attack

Capabilities of The 0:00:47

Capabilities of The Flipper Zero - Explained by a Hacker

Geometry Dash Hacker 0:00:27

Geometry Dash Hacker Shows Handcam 😱

DO NOT JOIN 0:00:30

DO NOT JOIN THIS GAME😰😨.. #roblox #ip #hacker #dontjointhisgame #viral

Pretending to be 0:00:47

Pretending to be Jenna the Hacker #shorts

How to be 0:00:21

How to be a hacker in 1 minute 😎 #shorts

The Most Dangerous 0:00:25

The Most Dangerous Hacker - Ryan Montgomery

Hacker Shows Navy 0:00:39

Hacker Shows Navy SEAL How He Can Hack Into Wi-Fi Using Flipper Tool 😳

Microsoft Copilot: How 0:00:34

Microsoft Copilot: How Hackers Could Turn It Against You #CyberSecurity #DigitalDefense #Beencrypted

|| Fakes hackers 0:00:24

|| Fakes hackers Vs Real hackers || - tubers93,jenna,1x1x1x1… // #roblox #short #hacker

When you first 0:00:32

When you first time install Kali linux for hacking 😄😄 #hacker #shorts

#1 Ethical Hacker 0:05:09

#1 Ethical Hacker in The World Explains The Dark Web

High school in 0:00:26

High school in the 90s 😳 #nostalgia

Hacker Exposes SEAL 0:00:59

Hacker Exposes SEAL Team’s Info Access 👨‍💻

Комментарии
Автор

Classic SQL injection and a nice explanation to go with it!
Text encoding was def not the first thing on my mind when thinking about possible escapes, and I guess it wasn't on the mind of the person that tried to manually sanitize SQL input either!

chriss
Автор

We tend not to ship debug symbols by default with open source programs either - they tend to be much larger than the compiled program itself.

capability-snob
Автор

"Cant read the source code" Ghidra has entered the chat

eyephpmyadmin
Автор

Criminally underrated channel. Keep up the good work man you'll make it big

amaankhan
Автор

Wow! Very well explained, thank you!
EDIT: my only complaint is the title. It's makes it look like a recent exploit, which is clickbaity and not very nice. I don't think you need to resort to that. 🙂

bthrkay
Автор

Great video! That explanation of unicode was perfect.

xgordo
Автор

Very well explained. Lots of small things to learn, not only a story telling content. Just keep up.
Subscribed.

nournote
Автор

Oh my goodness. This is such fantastic knowledge. You explain things phenomenally. Thanks so much.

ghstmnstr
Автор

Seems very well explained. Still didn't finish the video, but so far so good. Keep it up

junosoft
Автор

4:33 and if you want it be more of a hell for people who want to reverse engineer your stuff, you can tell the compiler to generate a stripped binary.
On Linux you can do this using the "strip" command. You could use it like this "strip binary -o stripped_binary"
or you can do it with the "-s" flag if you are using GCC.

mrt_
Автор

Why a new company like Zoom decided to use SQL with all of it's string-based vulnerabilities baffles me.

cancerino
Автор

Another eloquent description of a fascinating piece of software security history, brilliant as always.

ByronShingo
Автор

Very interesting. I cannot get over the upward inflection on every sentence though

dcquence
Автор

Great video! Well explained! Only correction is that SQL doesn’t use `//` for comments. It uses `--`.

Impracticallypractical
Автор

I honestly thought I was watching from a big channel, your so underrated, keep it going!

whoman
Автор

How do you not have more than million subscribers? What. you deserve more. keep up the great work!

mbhv-lllq
Автор

is there any reason zoom would have decided to manually implement the input sanitization

thisismygascan
Автор

Very interesting and technically informative. You have a elegant way of explaining things. Thanks!

vanzylv
Автор

Wow... Vulnerabilities like this one convince just how important it is to implement a web-cam cover and a physical mic on/off togle, just for a percussion. A simple step like that goes quite a long way, it seems.

Jiyoon
Автор

jokes on you i don't have a camera

altaccount