Good start for the first time onsite, there were a few nervous moments but it was well controlled. Thanks @thezdi for the support 🙏🙏🙏
P/s: actually the points are 16, not 13
Success! @hoangnx99, @rskvp93, and @_q5ca from Team Viettel (@vcslab) used a 2-bug chain in their attempt against Microsoft Teams. They earn $75,000 and 8 Master of Pwn points.
SAML ShowStopper from our researcher @_l0gg. Any software not only Manageengine that uses old version of xmlsec and xalan should take care it seriously. @_l0gg will show a technique by using DocumentHandler to defeat xslt transformer. #CVE-2022-47966 https://t.co/vlbERGVNi4
I learned a lot about internal Powershell working when I go through TabShell bug #CVE-2022-41076. Here is the detail https://t.co/lJb7OjPzMj. And a few problems still there and may be need more investigation. with @_q5ca, @hoangnx99
How to attack S7commplus protocol of Siemens PLC in SCADA environment. Our team member @Nobey98 shares his research on S7commPlus protocol, algorithm and show a demonstration to control a PLC device:
https://t.co/GpKBduB3dH
https://t.co/gjGHcWHtOY
https://t.co/7Cg0Chs2Sk
MSRC released the patch for our "TabShell" vulnerability (https://t.co/5vlDHIlX02). This is a nice bug chain to RCE Exchange on-premises, Exchange Online, Skype for Business Server (may be SFB Online+Teams too but can't find its powershell remote endpoint) with @_q5ca@hoangnx99
On the first win of Day 3 of #P2OToronto, @biennd279 and @rskvp93 from Team Viettel (@vcslab) used a command injection on a WD NAS to help add a little extra holiday decoration to the venue! This nets the team another $20K and 4 MoP points! #Pwn2Own