00:00 - Intro
01:00 - Start of installing OMI Locally
03:00 - Downloading the exploit, but get a connection error because it cannot talk to OMI
03:45 - Editing the OMI Configuration to set it to listen on 5986
05:45 - The exploit still isn't working debugging to find it is missing a namespace
07:50 - Finding the SCX Package Name and using a Index.Of Google Dork to find it on an open HTTP directory
10:00 - Installing the SCX Agent and getting code execution
11:13 - Setting the exploit to go through BurpSuite so we can understand how it works
13:40 - Going over the blog post to understand why it was vulnerable
16:35 - Talking about how the researchers may have found it. MS Patched it without major announcement and it was in the Git Changelog!
More awesome videos from IppSec: https://www.youtube.com/c/ippsec
Support the originator by clicking the read the rest link below.
