How I Found My First Ever ZeroDay (In RDP)https://www.malwaretech.com/2020/12/how-i-found-my-first-ever-zeroday-in-rdp.html …
-
nice article-for reversing and creating RDP clients I recommend looking at https://github.com/microsoft/WindowsProtocolTestSuites/blob/main/TestSuites/RDP/Server/src/TestSuite/RDPBCGR/S5_StaticVirtualChannelTest.cs … can save you some time ;)
its interesting questions- when is a vuln a DOS only and when is not remote? I have gotten DOS submissions rejected because they where not remote. Of course I was not told that if it was remote it become bounty eligable- I had to be told that by other researchers
-
-
Had i known back then - I had made them remote- but now its too late, bounties are pretty much dead. Would be easy to create a html page that corrupts NTFS and BSOD you- MS only take that kinda bugs serious with a remote POC I. Think I could do it by SMB actually- 0 interaction
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.