Zyxel Backdoor & A Known Plaintext Attack
In this video I discuss a recent finding where an undocumented admin-user account was found in Zyxel security products, accessible over SSH and via the web. As such, I showcase a simple technique called a 'Known Plaintext Attack' which can help enable you to analyse this Zyxel device firmware.
LINKS / BLOGS
============
https://www.zdnet.com/article/backdoor-account-discovered-in-more-than-100000-zyxel-firewalls-vpn-gateways/
https://www.zyxel.com/support/CVE-2020-29583.shtml
https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html
https://math.ucr.edu/~mike/zipattacks.pdf
https://portal.myzyxel.com/my/firmwares
TOOLS
======
https://formulae.brew.sh/formula/pkcrack
https://formulae.brew.sh/formula/squashfs
https://github.com/cybercdh/hacks/blob/master/zyxel/zyxel.sh
FOLLOW
======
You can join in the conversation by following me at https://twitter.com/cybercdh
THANKS
=======
If you LIKED this video, please hit the THUMBS UP. If you LOVED it, please SUBSCRIBE!
Many thanks for watching, it means a lot.
Peace out. ✌️
@cybercdh
Видео Zyxel Backdoor & A Known Plaintext Attack канала Colin Hardy
LINKS / BLOGS
============
https://www.zdnet.com/article/backdoor-account-discovered-in-more-than-100000-zyxel-firewalls-vpn-gateways/
https://www.zyxel.com/support/CVE-2020-29583.shtml
https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html
https://math.ucr.edu/~mike/zipattacks.pdf
https://portal.myzyxel.com/my/firmwares
TOOLS
======
https://formulae.brew.sh/formula/pkcrack
https://formulae.brew.sh/formula/squashfs
https://github.com/cybercdh/hacks/blob/master/zyxel/zyxel.sh
FOLLOW
======
You can join in the conversation by following me at https://twitter.com/cybercdh
THANKS
=======
If you LIKED this video, please hit the THUMBS UP. If you LOVED it, please SUBSCRIBE!
Many thanks for watching, it means a lot.
Peace out. ✌️
@cybercdh
Видео Zyxel Backdoor & A Known Plaintext Attack канала Colin Hardy
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
The Truth About Phishing - Tools, Tactics and Techniques to Analyse Phishing & Protect Your Privacy
SUNBURST SolarWinds Malware - Tools, Tactics and Methods to get you started with Reverse Engineering
FREE programs that EVERY PC should have...
Remcos Config - Using RC4 to Get Command & Control from CyberChef
I bought a PHISHING website from the DARKWEB. Here's what I found...
Y2K22 - Why 2022 Broke Email
Analysing an Emotet Downloader with CMD Watcher and CyberChef
SUPERNOVA - Everything you need to know to Reverse Engineer an APT WebShell
Analysing Obfuscated VBA - Extracting indicators from a Trickbot downloader
JavaScript Malware - How bad can it be?
APIs for Beginners - How to use an API (Full Course / Tutorial)
Emotet JavaScript dropper deobfuscation and analysis
The Best Guide to Entry Level Cyber Security Jobs - The Roadmap to InfoSec
Olympic Destroyer - Quick behavioural Analysis of this Wiper Malware
SSL, TLS, HTTP, HTTPS Explained
Building a Malware Lab - Software, Hardware, Tools and Tips for Effective Malware Analysis
25000 SUBSCRIBERS! A look back and forwards across the channel and my THANKS to YOU!!!!!
Kaseya Ransomware Attack - 5 Key Insights into this Malware campaign
SUNBURST SolarWinds RECON - Malware Reverse Engineering, OSINT and Identifying Victims