SharePoint ZERO-DAY Lets Hackers Walk Straight In // TRAIN BRAIN

SharePoint ZERO-DAY Lets Hackers Walk Straight In

SharePoint Zero-Day 2025: ToolPane Authentication Bypass + Deserialization RCE A brand-new, two-stage exploit is hammering SharePoint 2010-2025. OTW joins David Bombal to break down:
• How attackers bypass authentication and inject shellcode via unsafe serialization
• Why Microsoft’s May patch failed and how the “toolpane.aspx” endpoint is abused
• Live tour of a 140-line Python POC you can test in a lab
• Risk to unpatched 2010/2013 deployments (no fixes coming)
• Confirmed Chinese APT activity targeting government portals
• Immediate mitigation steps, upgrade paths, and indicator checks
• Career advice: stay ahead of AI & quantum threats by learning Linux, Python and networking
// Occupy The Web SOCIAL //
X: https://twitter.com/three_cube
Website: https://hackers-arise.net/
// Occupy The Web Books //
Linux Basics for Hackers 2nd Ed
US: https://amzn.to/3TscpxY
UK: https://amzn.to/45XaF7j
Linux Basics for Hackers:
US: https://amzn.to/3wqukgC
UK: https://amzn.to/43PHFev
Getting Started Becoming a Master Hacker
US: https://amzn.to/4bmGqX2
UK: https://amzn.to/43JG2iA
Network Basics for hackers:
US: https://amzn.to/3yeYVyb
UK: https://amzn.to/4aInbGK
// OTW Discount //
Use the code BOMBAL to get a 20% discount off anything from OTW's website: https://hackers-arise.net/
// Playlists REFERENCE //
Linux Basics for Hackers: https://www.youtube.com/watch?v=YJUVNlmIO6E&list=PLhfrWIlLOoKOs-fjCPHdzD2icF2vORfwK&pp=iAQB
Mr Robot: https://www.youtube.com/watch?v=3yiT_WMlosg&list=PLhfrWIlLOoKNYR8uvEXSAzDfKGAPIDB8q&pp=iAQB
Hackers Arise / Occupy the Web Hacks: https://www.youtube.com/watch?v=GxkKszPVD1M&list=PLhfrWIlLOoKOf1Ru_TFAnubVuWc87i-7z&pp=iAQB
// YouTube video REFERENCE //
Hacking IP Cameras: https://youtu.be/yMAWcHP6yn8
Are VPNs even safe now?: https://youtu.be/Qqd9KzPVBb8
// David's SOCIAL //
Discord: https://discord.com/invite/usKSyzb
X: https://www.twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal
LinkedIn: https://www.linkedin.com/in/davidbombal
Facebook: https://www.facebook.com/davidbombal.co
TikTok: http://tiktok.com/@davidbombal
YouTube: https://www.youtube.com/@davidbombal
Spotify: https://open.spotify.com/show/3f6k6gERfuriI96efWWLQQ
SoundCloud: https://soundcloud.com/davidbombal
Apple Podcast: https://podcasts.apple.com/us/podcast/david-bombal/id1466865532
// MY STUFF //
https://www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// MENU //
0:00 - Coming Up
0:55 - Intro
01:12 - OTW's New Books
02:33 - Sharepoint Exploit
05:08 - Deserialization & Serialisation Explained
09:34 - The Aftermath of the Sharepoint Hack
12:35 - The Origin of the Sharepoint Exploit
13:15 - Exploit Proof of Concept
18:48 - Exploit Summary (Step by Step)
22:42 - Who will be Affected?
24:26 - The Repercussion of Being Hacked
28:04 - Final Thoughts
30:32 - Quantum
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Disclaimer: This video is for educational purposes only.
#sharepoint #zeroday #microsoft

David Bombal

Want to learn about IT? Want to get ahead in your career? Well, this is the right place! On this channel, I discuss Linux, Python, Ethical Hacking, Networking, CCNA, Virtualization and other IT related topics. This YouTube channel has new videos upload...

One Skill Every Problem-Solver Needs

How One Prompt Hijacked Lenovo’s AI Chatbot

Your firewall could be hijacked today—here’s how to stop it

UK Just Declared WAR on VPNs

USA stops UK creating Apple backdoor. Why it matters to you!

Dell Laptops Hacked

Car Features PAYWALLED: hardware already inside

Germany’s ad-blocker RISK in 2025: what’s at stake

Two API Flaws That Could Unlock Your Car

Light Internet STOPS tracking -100 Mbps kit

GPT-5 Just Dropped… And It’s NOT What You Think

Why would you RUN this COMMAND?!!

UK Piracy Blocks: Your VPN's UK Exit Won't Help

This “USB” Can Steal Your Files in Seconds ?

This Raspberry Pi Can Tell If You’re Being Followed

Stop Trusting Input: 3 RULES

This Museum Turns VIRUSES Into Art?!

AI Clones Your Voice in Just SECONDS

This Device Sends Internet Through LIGHT (Not Radio)

? Hackers HATE This Wireless Trick

AI REPLICATED the Equifax Hack - No Humans Involved

This Law Could KILL Internet Freedom

You’ll OWN NOTHING... and YOU pay the price!

Hacker QUITS mid-attack... ZERO trust beat them

2 FLAWS Let Hackers Own MILLIONS of Cars

AI CROSSED the Line - Taylor Swift Deepfakes!

This Charging Cable Can HACK You ?

Why Your Privacy Won’t Survive Smart Tech

Vibe Coding Will Get You HACKED (Here's the Fix)

He wrote Malware at 15 to get revenge on bullies

Microsoft is spyware now (again!)?

Firewall Zero Day Hack in the wild ☹️ #firewall #hack

All are equal... except UK MPs

AI Expert Gary Marcus on the Harsh Truth About ChatGPT-5

750 Data Brokers, One Fix

AI vs AI starts NOW: who really has the edge?

Death Stranding Photo Mode Beats Discord Age Check

SharePoint ZERO-DAY Lets Hackers Walk Straight In

How the UK KILLED Privacy: The Online Safety Act Nightmare

Will the UK's Proposed NEW Ransomeware Law WORK?

This AI Almost WIPED Your Code

UK LAW triggered 1,400% VPN SURGE

Don’t share your SECRETS with ChatGPT, protect your PRIVACY

Brave BLOCKS Big Brother Microsoft's Spy Tool...

ID Uploads: The Privacy Disaster Waiting to Happen

DANGEROUS AI Malware Hides in JPEGs?

North Korea’s $17M Fortune-500 Remote Job SCAM

ChromeOS experience BUILT on Android

Disney moves 1.6 TB videos at 100 Gbps to DESKTOPS

VPN PROMISES BROKEN... ExpressVPN’s Debug Leak

You Use Arch Linux? You’re not IMMUNE!

Is "Network" Chuck Back? And why is Networking Cool Again?

This 51Tbps Chip SOLVES the GPU Bottleneck

Finally Understand NAT and PAT, Wireshark shows every translation

This FREE Tool Shows Real-Time Cyber Attacks

PATCH NOW: Cisco ISE RCE is being exploited

Agentic AI Is LEAKING Sensitive Data Right Now

Japan just melted the internet speed record

This AI DELETED production data and LIED about it

Your Car's Bluetooth Could Let Hackers In... Here's How!

Hardcoded PASSWORDS in 2025? ?

Don’t Peek! Fiber Lasers Can BLIND You...

How Hackers Broke McHire with ‘123456’… 64M Records Exposed

Master Windows Tab Shortcuts: Ctrl + T, Ctrl + Tab & More

Companies Hire North Korean IT Pros Then They Hack Them!

STOP Unauthorized Plugs: 3 Violation Modes EXPLAINED

One CLICK to CONTROL Your Car... Crazy Bluetooth Hack

AI Email Summaries HACKED... Your Gmail Isn’t Safe

McDonald's TERRIFYING Password Fail: 64 Million Exposed!

Ethernet Alternative: 2 Gbps Over Coax BETTER than Wi-Fi Dead Zones

Is CLI DEAD… And Is AgenticOps The FUTURE?

He CREATED Wireshark - And It Changed Cybersecurity FOREVER

Gbps vs GBps: The Internet Speed Mistake People Makes

This 100Gbps Card Was Too FAST for My PC ?

ADMIN Access GRANTED Without Password... 3 Year-Old Hack Still Works

The VPN Lie Everyone Believes ?

STOP Wasting $500 on SFPs ✋

WAIT… Mac Still Prefers IPv4? ?

STOP Clicking Around – Use This Shortcut Instead!

SCARY TAPS Wireshark Genius Carries!

Disney moves 1.6 TB videos at 100 Gbps to DESKTOPS

Master Windows Tab Shortcuts: Ctrl + T, Ctrl + Tab & More