Zyxel Backdoor & A Known Plaintext Attack
In this video I discuss a recent finding where an undocumented admin-user account was found in Zyxel security products, accessible over SSH and via the web. As such, I showcase a simple technique called a 'Known Plaintext Attack' which can help enable you to analyse this Zyxel device firmware.
LINKS / BLOGS
============
https://www.zdnet.com/article/backdoor-account-discovered-in-more-than-100000-zyxel-firewalls-vpn-gateways/
https://www.zyxel.com/support/CVE-2020-29583.shtml
https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html
https://math.ucr.edu/~mike/zipattacks.pdf
https://portal.myzyxel.com/my/firmwares
TOOLS
======
https://formulae.brew.sh/formula/pkcrack
https://formulae.brew.sh/formula/squashfs
https://github.com/cybercdh/hacks/blob/master/zyxel/zyxel.sh
FOLLOW
======
You can join in the conversation by following me at https://twitter.com/cybercdh
THANKS
=======
If you LIKED this video, please hit the THUMBS UP. If you LOVED it, please SUBSCRIBE!
Many thanks for watching, it means a lot.
Peace out. ✌️
@cybercdh
Видео Zyxel Backdoor & A Known Plaintext Attack канала Colin Hardy
LINKS / BLOGS
============
https://www.zdnet.com/article/backdoor-account-discovered-in-more-than-100000-zyxel-firewalls-vpn-gateways/
https://www.zyxel.com/support/CVE-2020-29583.shtml
https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html
https://math.ucr.edu/~mike/zipattacks.pdf
https://portal.myzyxel.com/my/firmwares
TOOLS
======
https://formulae.brew.sh/formula/pkcrack
https://formulae.brew.sh/formula/squashfs
https://github.com/cybercdh/hacks/blob/master/zyxel/zyxel.sh
FOLLOW
======
You can join in the conversation by following me at https://twitter.com/cybercdh
THANKS
=======
If you LIKED this video, please hit the THUMBS UP. If you LOVED it, please SUBSCRIBE!
Many thanks for watching, it means a lot.
Peace out. ✌️
@cybercdh
Видео Zyxel Backdoor & A Known Plaintext Attack канала Colin Hardy
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
The Truth About Phishing - Tools, Tactics and Techniques to Analyse Phishing & Protect Your PrivacySUNBURST SolarWinds Malware - Tools, Tactics and Methods to get you started with Reverse EngineeringFREE programs that EVERY PC should have...Remcos Config - Using RC4 to Get Command & Control from CyberChefI bought a PHISHING website from the DARKWEB. Here's what I found...Y2K22 - Why 2022 Broke EmailAnalysing an Emotet Downloader with CMD Watcher and CyberChefSUPERNOVA - Everything you need to know to Reverse Engineer an APT WebShellAnalysing Obfuscated VBA - Extracting indicators from a Trickbot downloaderJavaScript Malware - How bad can it be?APIs for Beginners - How to use an API (Full Course / Tutorial)Emotet JavaScript dropper deobfuscation and analysisThe Best Guide to Entry Level Cyber Security Jobs - The Roadmap to InfoSecOlympic Destroyer - Quick behavioural Analysis of this Wiper MalwareSSL, TLS, HTTP, HTTPS ExplainedBuilding a Malware Lab - Software, Hardware, Tools and Tips for Effective Malware Analysis25000 SUBSCRIBERS! A look back and forwards across the channel and my THANKS to YOU!!!!!Kaseya Ransomware Attack - 5 Key Insights into this Malware campaignSUNBURST SolarWinds RECON - Malware Reverse Engineering, OSINT and Identifying Victims