That was just a zero-width space between the URL and the path to make it look like one long URL.
-
-
Replying to @taviso @MalwareTechBlog
Ohhhh damn how did I not realize the zero width space would be so useful there. Very well done.
1 reply 0 retweets 7 likes -
Replying to @0xdade @MalwareTechBlog
Haha, that obfuscation trick worked on you, so no doubting
You can try to copy this if twitter doesn't mangle it: http://bit.ly \\?\C:\Users\dade\Downloads\exploit.bat:2 replies 2 retweets 15 likes -
Replying to @taviso @MalwareTechBlog
Yup okay that replicates it. That's sneaky and awesome.
1 reply 0 retweets 6 likes -
1 reply 5 retweets 15 likes
-
Replying to @0xdade @MalwareTechBlog
Okay, how about this one (hxxp to avoid twitter munging, http works in Zoom): \\?\hxxp://youtube.com/watch?v=123124124&title=ZXhwbG9pdAo=\..\..\..\..\Users\dade\Docume~1\exploit.bat I should have been a phisher
4 replies 9 retweets 31 likes -
Replying to @taviso @MalwareTechBlog
This one is really good. Can click anywhere and it triggers, amazing.pic.twitter.com/qxRkdlbTLs
4 replies 5 retweets 22 likes -
-
Payload available here:https://gist.github.com/pwnsdx/4622e18a4ffbb315bc30fbd75e8e97ec …
4 replies 37 retweets 62 likes -
Within confid base64 "type" param can be replaced by dropbox to make it look like it come from Dropbox also thumbnailUrl can also be tweaked to display a custom icon
2 replies 1 retweet 9 likes
Nice, I bet you can send that over the wire to other participants without the zoommtg link (I didn't test it, but seems plausible).
-
-
The Zoom link is for you actually
1 reply 0 retweets 1 like -
Ah-ha, got it. Nice.
0 replies 0 retweets 2 likes
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
