That was just a zero-width space between the URL and the path to make it look like one long URL.
-
-
Replying to @taviso @MalwareTechBlog
Ohhhh damn how did I not realize the zero width space would be so useful there. Very well done.
1 reply 0 retweets 7 likes -
Replying to @0xdade @MalwareTechBlog
Haha, that obfuscation trick worked on you, so no doubting
You can try to copy this if twitter doesn't mangle it: http://bit.ly \\?\C:\Users\dade\Downloads\exploit.bat:2 replies 2 retweets 15 likes -
Replying to @taviso @MalwareTechBlog
Yup okay that replicates it. That's sneaky and awesome.
1 reply 0 retweets 6 likes -
1 reply 5 retweets 15 likes
-
Replying to @0xdade @MalwareTechBlog
Okay, how about this one (hxxp to avoid twitter munging, http works in Zoom): \\?\hxxp://youtube.com/watch?v=123124124&title=ZXhwbG9pdAo=\..\..\..\..\Users\dade\Docume~1\exploit.bat I should have been a phisher
4 replies 9 retweets 31 likes -
Replying to @taviso @MalwareTechBlog
This one is really good. Can click anywhere and it triggers, amazing.pic.twitter.com/qxRkdlbTLs
4 replies 5 retweets 22 likes -
-
This is really creative! I love how you (and others in this thread) have abused this bug and zoom's UI. It's a reminder that, with enough time, issues that initially appear benign can be used in clever, and unexpectedly effective ways. (not that it took you all long, christ)
1 reply 0 retweets 0 likes -
Replying to @stephen0x2dfox @pwnsdx and
Out of curiosity, why link to a batch file in these DOS device path examples when you can launch calc.exe directly ?
1 reply 0 retweets 0 likes
That is only useful for local attacks, which isn't very interesting. A remote exploit would likely execute a malicious file in Downloads, which is a more interesting attack.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
