- Популярные видео
- Авто
- Видео-блоги
- ДТП, аварии
- Для маленьких
- Еда, напитки
- Животные
- Закон и право
- Знаменитости
- Игры
- Искусство
- Комедии
- Красота, мода
- Кулинария, рецепты
- Люди
- Мото
- Музыка
- Мультфильмы
- Наука, технологии
- Новости
- Образование
- Политика
- Праздники
- Приколы
- Природа
- Происшествия
- Путешествия
- Развлечения
- Ржач
- Семья
- Сериалы
- Спорт
- Стиль жизни
- ТВ передачи
- Танцы
- Технологии
- Товары
- Ужасы
- Фильмы
- Шоу-бизнес
- Юмор
CVE-2025-24071: POC | Demo | Zero Click Exploit | Stealing credentials
In this security research video, I demonstrate CVE-2025-24071, which involves creating Windows Library files (.library-ms) that reference remote network shares. This proof-of-concept shows how a simple Rust application deployed through GitHub Actions can generate these files automatically.
The demo walks through:
1. How the vulnerability works with Windows Library files
2. Setting up a Rust program to create customized .library-ms files
3. Configuring GitHub Actions to run the code with secret parameters
4. How the workflow generates and uploads the resulting file as an artifact
Note: Captured hashes for Repsonder are here: /usr/share/responder/logs
This educational content is intended for cybersecurity professionals, pentesters, and those interested in understanding modern security vulnerabilities. All techniques shown are for research purposes only and should never be used without proper authorization.
Repository: https://github.com/pswalia2u/CVE-2025-24071_POC
References: https://research.checkpoint.com/2025/cve-2025-24054-ntlm-exploit-in-the-wild/
#CyberSecurity #Vulnerabilities #CVE #WindowsSecurity #GithubActions #SecurityResearchRetryClaude can make mistakes. Please double-check responses.
Видео CVE-2025-24071: POC | Demo | Zero Click Exploit | Stealing credentials канала Prabhsimran Singh
The demo walks through:
1. How the vulnerability works with Windows Library files
2. Setting up a Rust program to create customized .library-ms files
3. Configuring GitHub Actions to run the code with secret parameters
4. How the workflow generates and uploads the resulting file as an artifact
Note: Captured hashes for Repsonder are here: /usr/share/responder/logs
This educational content is intended for cybersecurity professionals, pentesters, and those interested in understanding modern security vulnerabilities. All techniques shown are for research purposes only and should never be used without proper authorization.
Repository: https://github.com/pswalia2u/CVE-2025-24071_POC
References: https://research.checkpoint.com/2025/cve-2025-24054-ntlm-exploit-in-the-wild/
#CyberSecurity #Vulnerabilities #CVE #WindowsSecurity #GithubActions #SecurityResearchRetryClaude can make mistakes. Please double-check responses.
Видео CVE-2025-24071: POC | Demo | Zero Click Exploit | Stealing credentials канала Prabhsimran Singh
Комментарии отсутствуют
Информация о видео
22 апреля 2025 г. 3:01:21
00:06:24
Другие видео канала
Advent of Cyber 2024 - TryHackMe (Day 1)
How to Set Up Your Own OpenVPN Server in 10 Minutes | Easy OpenVPN Server | A dead-simple VPN server
CVE-2020-7246 Lab Setup and Exploitation Walkthrough
Setting up AWS IAM Vulnerable LAB/Playground. |1|
Abusing iam:CreatePolicyVersion, iam:AttachRolePolicy and iam:PutGroupPolicy for privesc |4|
Installing and using pacu and enumerate-iam. Abusing iam:CreateAccessKey for privesc. |2|
Deploying and Exploiting Vulnerable Python Azure Function
K8s LAN Party: Data Leakage- Exposed File Share
Automate SSL Certificate Generation with Cloudflare and Certbot | GitHub Action Tutorial
Abusing AttachGroupPolicy, CreateLoginProfile, UpdateLoginProfile and AddUserToGroup for privesc |3|
AWSGoat(ine) AWS CTF solution Module 2
Container Internals (Cgroups, Namespaces, Images) - BSides Bristol 2025
Advent of Cyber 2024 Day 5: XML External Entity Injection (XXE)
AWS Basics: Creating a new IAM group, adding users to a group, Permissions boundary, IAM Policies.
![INE GCPGoat Module 1 Path 1- Finding and abusing storage buckets leading to privilege escalation [3]](https://i.ytimg.com/vi/cM46_c-zxh4/default.jpg)
INE GCPGoat Module 1 Path 1- Finding and abusing storage buckets leading to privilege escalation [3]
Fooling Anthropic Computer Use Demo AI for Malicious Code Execution
AWS Role Enumeration: Technique Attackers Use
Role Based Access Control in Kubernetes | CKA
🎥 AWS CloudTrail Log Analysis - Advent of Cyber 2024 Day 7 🎥
Using Services in Windows for Persistence (T1543.003) | Cobalt Strike
Take Persistence to the Next Level with Windows Scheduled Tasks and OPSEC - T1053.005 | Cobaltstrike
