SharpCovertTube – Covert Command Execution Via YouTube

SharpCovertTube is a program created to control Windows systems remotely by uploading videos to YouTube.

The program monitors a YouTube channel until a video is uploaded, decodes the QR code from the thumbnail of the uploaded video and executes a command.

The QR codes in the videos can use cleartext or AES-encrypted values.

It has two versions, binary and service binary, and it includes a Python script to generate the malicious videos. Its purpose is to serve as a persistence method using only web requests to the Google API.

Usage

Run the listener on your Windows system:

It checks the YouTube channel at a fixed interval (10 minutes by default) until a new video is uploaded. In this case, we upload “whoami.avi” from the folder example-videos:

After finding a new video in the channel, it decodes the QR code from the video thumbnail and executes the command; the response is base64-encoded and exfiltrated using DNS:
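On the detection side, the base64-over-DNS return channel described above leaves encoded labels in resolver logs. The following is an added example, not code from the SharpCovertTube project: it assumes the encoded output travels in subdomain labels of the queried name, and the log format, addresses and the `c2.example.test` zone are constructed sample data.

```python
import base64
import binascii
import string

PRINTABLE = set(string.printable.encode())

def decode_label(label, min_len=16):
    """Return the decoded text if a DNS label is base64 of printable text, else None."""
    if len(label) < min_len:              # short labels (www, mail, ...) are ignored
        return None
    padded = label + "=" * (-len(label) % 4)   # senders often strip '=' padding
    for alt in (None, b"-_"):             # standard, then URL-safe alphabet
        try:
            raw = base64.b64decode(padded, altchars=alt, validate=True)
        except (binascii.Error, ValueError):
            continue
        if raw and all(b in PRINTABLE for b in raw):
            return raw.decode("ascii")
    return None

def scan(lines):
    """Yield (client, query name, decoded text) for each suspicious query."""
    hits = []
    for line in lines:
        _ts, client, qname = line.split()
        # Simplification: treat the last two labels as the registered domain.
        for label in qname.rstrip(".").split(".")[:-2]:
            text = decode_label(label)
            if text is not None:
                hits.append((client, qname, text))
    return hits

# Constructed sample data: a whoami-style result encoded the way the page describes.
_label = base64.b64encode("desktop-01\\alice".encode()).decode().rstrip("=")
SAMPLE_LOG = [
    "2025-03-24T10:00:01Z 10.0.0.5 www.youtube.com",
    "2025-03-24T10:00:02Z 10.0.0.7 lh3.googleusercontent.com",
    "2025-03-24T10:10:03Z 10.0.0.5 " + _label + ".c2.example.test",
]

if __name__ == "__main__":
    for client, qname, text in scan(SAMPLE_LOG):
        print(f"{client} queried {qname!r}: label decodes to {text!r}")
```

Long labels that decode cleanly to printable text are rare in ordinary traffic, so a hit is worth correlating with the same host polling the YouTube Data API at a fixed interval from a non-browser process.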

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.
