[Video] let’s play with a ZERO-DAY vulnerability “follina”


Want to become a HACKER? ITProTV has you covered: (30% off FOREVER) *affiliate link

In this video NetworkChuck teamed up with @John Hammond to talk about the NEW and SCARY Microsoft Vulnerability. NetworkChuck and John Hammond are going to teach you about a new dangerous Windows Zero-day vulnerability called “follina” and they are even going to show you how to…

[Video] let’s play with a ZERO-DAY vulnerability “follina” 1
[Video] let’s play with a ZERO-DAY vulnerability “follina” 2
[Video] let’s play with a ZERO-DAY vulnerability “follina” 3
[Video] let’s play with a ZERO-DAY vulnerability “follina” 4
[Video] let’s play with a ZERO-DAY vulnerability “follina” 5

45 Comments on “[Video] let’s play with a ZERO-DAY vulnerability “follina””

  1. Want to become a HACKER? ITProTV has you covered: https://ntck.co/itprotv (30% off FOREVER) *affiliate link

    🧪🧪Try it yourself!! (Links, docs, and walkthrough): https://ntck.co/follinalinks

    SPECIAL THANKS to John Hammond (go check him out!!)

    —————————————————

    -YouTube: https://www.youtube.com/c/JohnHammond010

    -Twitter: https://twitter.com/_JohnHammond

    -his amazing article on Follina: https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug

    🔥🔥Join the NetworkChuck Academy!: https://ntck.co/NCAcademy

    **Sponsored by ITProTV

    0:00 ⏩ Intro

    1:58 ⏩ How does CVE-2022-30190 work??

    6:33 ⏩ What happens when you open the file?

    9:23 ⏩ Let’s set up our zero-day vulnerability lab!

    17:29 ⏩Time to test the Malware!

    20:00 ⏩ Outro

  2. You should really do a playlist explaining these vulnerabilities.
    Yes, there are channels explaining this stuff, but with you and your way of teaching things, explaining a CVE and how it works is a must for security professionals, especially if they want to be blue or red team pros, or even us, who are just passionate of these things.

    Do a playlist!!!!!!

  3. @NetworkChuck – If I upload this word doc on some web application. will it give the access to web server. if that doc opened on the server.
    if it is not possible to open the word on server. if any one download it using that web application, the vulnerability works the same way.

  4. Hi Chuck, when I tried running the script I got an error message from line 8.
    File "Follina.py", line 8, in <module>
    Import netifaces
    ModuleNotFoundError: No module name 'netifaces'
    How do it solve this? John Hammond, Networkchuck please help

  5. Great video as always and love too see John here aswell! I Followed you along was going to download the follina.doc from python webserver on the windows box, but windows defender deleted it and detected virus. So that is atleast a good thing, looks like Im a bit late to the party !

  6. Not sure if you mentioned this in the video but would this work on windows 7? I have an old laptop that i kept just for the purpose of exploiting, I'm not too sure how but could exploit this on my old laptop?

  7. 12:18 Saying: "CMD", typing: "mcd"…
    13:47 You call the file manager in Kali (I don't know exatly which is installed there…) "Explorer or whatever" and then call the M$ Windows Explorer "Finder" (which is the iMac's file manager)…

    Nice video!

  8. Hi, recently, our company got bounce mail attack, my supervisor don't understand how does that happen
    I wanna reproduce it, could you give some guidance?

  9. First of, I love your videos. I was trying to follow your steps on this one until the very final part where it is supposed to run calculator.exe or notepad.exe. But then, a window popped up saying an error occured while loading the troubleshooter. Do you have any idea why the troubleshooting wizard can't continue?

Have a comment? Type it below!