ActivityPub Viewer

A small tool to view real-world ActivityPub objects as JSON! Enter a URL or username from Mastodon or a similar service below, and we'll send a request with the right Accept header to the server to view the underlying object.

{
  "@context": [
    "https://www.w3.org/ns/activitystreams",
    {
      "ostatus": "http://ostatus.org#",
      "atomUri": "ostatus:atomUri",
      "inReplyToAtomUri": "ostatus:inReplyToAtomUri",
      "conversation": "ostatus:conversation",
      "sensitive": "as:sensitive",
      "toot": "http://joinmastodon.org/ns#",
      "votersCount": "toot:votersCount",
      "litepub": "http://litepub.social/ns#",
      "directMessage": "litepub:directMessage",
      "Hashtag": "as:Hashtag"
    }
  ],
  "id": "https://infosec.exchange/users/screaminggoat/statuses/112660301048445976",
  "type": "Note",
  "summary": null,
  "inReplyTo": "https://infosec.exchange/users/screaminggoat/statuses/112649830425492018",
  "published": "2024-06-22T12:36:09Z",
  "url": "https://infosec.exchange/@screaminggoat/112660301048445976",
  "attributedTo": "https://infosec.exchange/users/screaminggoat",
  "to": [
    "https://www.w3.org/ns/activitystreams#Public"
  ],
  "cc": [
    "https://infosec.exchange/users/screaminggoat/followers",
    "https://cyberplace.social/users/GossiTheDog"
  ],
  "sensitive": false,
  "atomUri": "https://infosec.exchange/users/screaminggoat/statuses/112660301048445976",
  "inReplyToAtomUri": "https://infosec.exchange/users/screaminggoat/statuses/112649830425492018",
  "conversation": "tag:infosec.exchange,2024-06-11:objectId=166832790:objectType=Conversation",
  "content": "<p>Robel Campbell of Blackpoint Cyber performed patch diffing and root cause analysis on the Microsoft Outlook Remote Code Execution Vulnerability CVE-2024-30103 (see parent toot for links) and stated the following:</p><blockquote><ul><li>It requires valid credentials of the target user to exploit. This is important to know because there is a lot of posting calling this a 'zero-click' exploit and while it might be true to an extent, you still need to be able to create a Form in the target users Outlook client, which requires authorization.</li><li>It's a bypass for a previously patched vulnerability (CVE-2024-21378)</li><li>Indicators of exploitation may include a suspicious DLL loaded in the Outlook.exe process, suspicious outbound connections from Outlook.exe and spawned child processes.</li><li>Exploitation is less likely at a large scale given that an attacker would need a user's credentials to set the attack up. Applying the latest patches is the best way to defend against this exploit.</li></ul></blockquote><p>View the original message at the bad site: <a href=\"https://twitter.com/RobelCampbell/status/1804171069558755624\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"ellipsis\">twitter.com/RobelCampbell/stat</span><span class=\"invisible\">us/1804171069558755624</span></a> cc: <span class=\"h-card\" translate=\"no\"><a href=\"https://cyberplace.social/@GossiTheDog\" class=\"u-url mention\" rel=\"nofollow noopener noreferrer\" target=\"_blank\">@<span>GossiTheDog</span></a></span> </p><p><a href=\"https://infosec.exchange/tags/CVE_2024_30103\" class=\"mention hashtag\" rel=\"tag\">#<span>CVE_2024_30103</span></a> <a href=\"https://infosec.exchange/tags/CVE_2024_21378\" class=\"mention hashtag\" rel=\"tag\">#<span>CVE_2024_21378</span></a> <a href=\"https://infosec.exchange/tags/Outlook\" class=\"mention hashtag\" rel=\"tag\">#<span>Outlook</span></a> <a href=\"https://infosec.exchange/tags/vulnerability\" class=\"mention hashtag\" rel=\"tag\">#<span>vulnerability</span></a> <a href=\"https://infosec.exchange/tags/CVE\" class=\"mention hashtag\" rel=\"tag\">#<span>CVE</span></a> <a href=\"https://infosec.exchange/tags/Microsoft\" class=\"mention hashtag\" rel=\"tag\">#<span>Microsoft</span></a></p>",
  "contentMap": {
    "en": "<p>Robel Campbell of Blackpoint Cyber performed patch diffing and root cause analysis on the Microsoft Outlook Remote Code Execution Vulnerability CVE-2024-30103 (see parent toot for links) and stated the following:</p><blockquote><ul><li>It requires valid credentials of the target user to exploit. This is important to know because there is a lot of posting calling this a 'zero-click' exploit and while it might be true to an extent, you still need to be able to create a Form in the target users Outlook client, which requires authorization.</li><li>It's a bypass for a previously patched vulnerability (CVE-2024-21378)</li><li>Indicators of exploitation may include a suspicious DLL loaded in the Outlook.exe process, suspicious outbound connections from Outlook.exe and spawned child processes.</li><li>Exploitation is less likely at a large scale given that an attacker would need a user's credentials to set the attack up. Applying the latest patches is the best way to defend against this exploit.</li></ul></blockquote><p>View the original message at the bad site: <a href=\"https://twitter.com/RobelCampbell/status/1804171069558755624\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"ellipsis\">twitter.com/RobelCampbell/stat</span><span class=\"invisible\">us/1804171069558755624</span></a> cc: <span class=\"h-card\" translate=\"no\"><a href=\"https://cyberplace.social/@GossiTheDog\" class=\"u-url mention\" rel=\"nofollow noopener noreferrer\" target=\"_blank\">@<span>GossiTheDog</span></a></span> </p><p><a href=\"https://infosec.exchange/tags/CVE_2024_30103\" class=\"mention hashtag\" rel=\"tag\">#<span>CVE_2024_30103</span></a> <a href=\"https://infosec.exchange/tags/CVE_2024_21378\" class=\"mention hashtag\" rel=\"tag\">#<span>CVE_2024_21378</span></a> <a href=\"https://infosec.exchange/tags/Outlook\" class=\"mention hashtag\" rel=\"tag\">#<span>Outlook</span></a> <a href=\"https://infosec.exchange/tags/vulnerability\" class=\"mention hashtag\" rel=\"tag\">#<span>vulnerability</span></a> <a href=\"https://infosec.exchange/tags/CVE\" class=\"mention hashtag\" rel=\"tag\">#<span>CVE</span></a> <a href=\"https://infosec.exchange/tags/Microsoft\" class=\"mention hashtag\" rel=\"tag\">#<span>Microsoft</span></a></p>"
  },
  "attachment": [],
  "tag": [
    {
      "type": "Mention",
      "href": "https://cyberplace.social/users/GossiTheDog",
      "name": "@GossiTheDog@cyberplace.social"
    },
    {
      "type": "Hashtag",
      "href": "https://infosec.exchange/tags/cve_2024_30103",
      "name": "#cve_2024_30103"
    },
    {
      "type": "Hashtag",
      "href": "https://infosec.exchange/tags/cve_2024_21378",
      "name": "#cve_2024_21378"
    },
    {
      "type": "Hashtag",
      "href": "https://infosec.exchange/tags/outlook",
      "name": "#outlook"
    },
    {
      "type": "Hashtag",
      "href": "https://infosec.exchange/tags/vulnerability",
      "name": "#vulnerability"
    },
    {
      "type": "Hashtag",
      "href": "https://infosec.exchange/tags/cve",
      "name": "#cve"
    },
    {
      "type": "Hashtag",
      "href": "https://infosec.exchange/tags/microsoft",
      "name": "#microsoft"
    }
  ],
  "replies": {
    "id": "https://infosec.exchange/users/screaminggoat/statuses/112660301048445976/replies",
    "type": "Collection",
    "first": {
      "type": "CollectionPage",
      "next": "https://infosec.exchange/users/screaminggoat/statuses/112660301048445976/replies?min_id=112949753767301637&page=true",
      "partOf": "https://infosec.exchange/users/screaminggoat/statuses/112660301048445976/replies",
      "items": [
        "https://infosec.exchange/users/screaminggoat/statuses/112949753767301637"
      ]
    }
  },
  "likes": {
    "id": "https://infosec.exchange/users/screaminggoat/statuses/112660301048445976/likes",
    "type": "Collection",
    "totalItems": 13
  },
  "shares": {
    "id": "https://infosec.exchange/users/screaminggoat/statuses/112660301048445976/shares",
    "type": "Collection",
    "totalItems": 11
  }
}