Healthcare Software Exploit: CVE-2023-43208 

lol - when you showed the deny list, I thought was a easy capture the flag game - 😊 not a live medical platform

Awesome! First time seeing zero-day in action. Thankyou John!

I’m a integration engineer for a hospital…. thank god we don’t use Mirth. But overall, hospital systems are super tight in network security. Ain’t no way anyone is breaking into our application servers. We get tested constantly for social attacks, plus our systems are all local/self-hosted anyways. Our security guards are all pretty paranoid scary looking dudes

Great practical: both building the novel intrusion side and the detection rule authoring side.

Thanks John, your timing is impeccable. I was just reading about the hospital hacks and was wondering how it was happening. This is great to see the whole process of what it is, how its attackable and how to defend against the threat. Been in IT for awhile and hoping to transfer to cyber. Is there a role that doesn't both sides like you demo here in the video thrse days?

I love this channel. Their simple methods of teaching are amazing.

The stages involved in resolving issues related to CVE-2023-43208 include: 1. Discovery: The vulnerability is discovered, in this case, arising from an incomplete patch for CVE-2023-37679. 2. Reporting: The vulnerability is reported by IHTeam. 3. Patching: A patch for the vulnerability is developed and released, as seen in Mirth Connect version 4.4.0. 4. Investigation: The patch is analyzed to understand the impact and scope of the vulnerability. 5. Mitigation: Organizations utilizing affected software versions are advised to update to Mirth Connect version 4.4.1 to mitigate the risks associated with CVE-2023-43208.

a good learning experience for me. Thank you John!

Awesome content as usual John. Keep doing what you do. You’re the man!

I love your videos man, but wow the popping on your condenser mic rips through my speakers!

What a fantastic video John. Keep up the good work!

Excellent Video John, thanks for sharing

Excellent, Please do more of such exploit demos.

Welp, time to go remediate

Another awesome video from John 🎉

i saw this... Good explanation!

Ah gotta love XML rest apis

Love seeing the defensive side.

I am working as a medical biller and I have used that software before

This is loose in the wild. I've got several letters saying my stuff was compromised.

next malware analysis

They way you type with your middle finger is wild, John.

Seems like the License Key is only if you want to install extensions via that Mirth Connect program, weird

Hey John, If I want to find this vulnerable code in ghidra, what file should I target? There are so many complications

Yes amazing channel. Its just Inspire me.

Great video , thank you

So, you have an API. Which is publicly available, not just to your frontend. With user objects exposed. How does this not throw up enough red flag as it is, did it have to have an XML demarshalling vulnerability as well? And, their position on the log4j issue was also... a bit iffy, to say the least. "We use log4j v1.2.x, the vulnerability came first in v2.x" - eh.... well, I bet that version of log4j has even more exploit potential being so old (1.2.17, which was the last version of 1.x, was discontinued in 2015). Ok, they upgraded to a newer, non-vulnerable (at least for the JNDI-exploit) version now, but who says we'll not end up there with other third-part libraries or even log4j again?

This reminds me of Hacknet.

great video, loved it

Awesome! Thank you John for the insight!

Nice john 👌❤️😉

"a standalone Python script" Python's requests library isn't installed by default.

Going to see an insane amount of hacks this year. It's to scare you into CBDC and close the trap. Resist at all costs!

Careful john, dont hand over those knives to script kitties….

Is it just me or does this guy sound like Seth Rogan?

Ah ya goda patch it!

Aint no way a python script written by chatgpt worked without issue in runtime or with the exploit itself

Man. I used to managed these interfaces. HL7 is kind of a shit show and the interface engines are really in need of some love.

👏👏👏

Let’s fucking go!

Hello John can you make a video on how to create custom cve detectors like how pentest tools works or share a good reference to am trying to make mine thanks

5:37 what song is this?

1:25 Give me a break with the AI. Any IT thing is only as good as the humans who set it up, program it, and run it.

is there a way to find PoC's of some latest exploits? anyone who know just comment down some suggestions

As a technician in the medical field for over 20 yrs, I have ZERO tolerance with MDs. More worried about having their license pulled than anything. Already changing doctors for my MOM because one was PUSHING for a new med on TV. Take note doctors, license or not, we are not FOOLED!

Aku tidak bisa bahasa engles pa engga ngerti artinya pa

Love from india

What's so special about arch linux?