In this video, we take a deep dive into the Microsoft Teams RCE (remote code execution) exploit chain discovered by bug hunter Masato Kinugawa. The chain consists of cross-site scripting (XSS), prototype pollution, and a sandbox escape within the desktop application framework Electron. Whether you're a pen tester, security researcher, or cybersecurity expert, a solid foundation in web and desktop technologies, as well as JavaScript, prototypes, and APIs, is crucial.

0:00 - Overview
0:46 - Electron
2:30 - Entry Point + Chain Architecture
3:25 - Cross-site Scripting (XSS)
6:53 - Prototype Pollution
11:10 - Sandbox Escape
13:26 - SquareX

Masato Kinugawa's report: https://speakerdeck.com/masatokinugawa/how-i-hacked-microsoft-teams-and-got-150000-dollars-in-pwn2own
AngularJS RegEx: https://github.com/angular/angular.js/blob/47bf11ee94664367a26ed8c91b9b586d3dd420f5/src/ng/compile.js#L1384

MUSIC CREDITS:
LEMMiNO - Cipher https://www.youtube.com/watch?v=b0q5PR1xpA0 CC BY-SA 4.0
LEMMiNO - Firecracker https://www.youtube.com/watch?v=ulfoU2MziOc CC BY-SA 4.0
LEMMiNO - Nocturnal https://www.youtube.com/watch?v=epmoV2HRs9U CC BY-SA 4.0
LEMMiNO - Siberian https://www.youtube.com/watch?v=5py6E6yo7wk CC BY-SA 4.0
LEMMiNO - Encounters https://www.youtube.com/watch?v=xdwWCl_5x2s CC BY-SA 4.0