LiveOverflow
Reverse Engineering Introduction Walkthrough - intro_rev/rev1 CSCG 2020
Minecraft Protocol: https://wiki.vg/Protocol#Set_Player_Position
Community Showcase: EnderKill98
Watch the full playlist: youtube.com/playlist?list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJG
Episode 18:
00:00 - Intro TPAura / InfAura
00:51 - Basic Reach Hack
01:59 - Other Player's PoV
02:42 - Extended Reach Attack
04:03 - Basic Implementation Walkthrough
05:04 - Why Stupid Names for Hacks?!
05:21 - Teleport Challenge: The Vault
07:23 - EnderKill98
-=[ ❤️ Support ]=-
→ per Video: patreon.com/join/liveoverflow
→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: twitter.com/LiveOverflow
→ Instagram: instagram.com/LiveOverflow
→ Blog: liveoverflow.com
→ Subreddit: reddit.com/r/LiveOverflow
→ Facebook: facebook.com/LiveOverflow
Shoutout to TP-Overflow: P1x3lPro (found cat exploit), Overlord2036, Enderkill98, 7H3, MonkeySaint, 19MisterX98
Community Showcase: DarkMetalMouse
Watch the full playlist: youtube.com/playlist?list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJG
Episode 17:
00:00 - Intro
00:24 - 1.19.2 Demo Mode
01:00 - Let's Play: New Base Storage Area
03:44 - Hopper Sorter Plugin
06:08 - Reach Hack Showcase
09:24 - Let's Play: Minecart System
11:14 - Cats in Minecraft are Evil
12:23 - Tamed Cat AI Behavior Exploit
17:14 - Look Direction Triangulation
19:38 - Environments: Snowball Challenge
21:48 - Community Showcase: DarkMetalMouse Coordinate Cracking
Chapters:
00:00 - Intro to "What is a Server?"
00:47 - Wikipedia Server Definition
01:42 - Game Servers
02:50 - Client and Server Communication
04:30 - Web Servers
05:10 - A Server is just a Program
06:38 - A Server is just a Computer
08:30 - Server Hardware
10:10 - What is Server Software?
11:54 - Servers are Everywhere
14:00 - Related Terms and Thought Experiment
17:04 - Outro
Episode 9 Seedcracking: youtube.com/watch?v=gSxcDYCK_lY&list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJG&index=11
Watch the full playlist: youtube.com/playlist?list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJG
Showcase: LeBogo, Philipp_DE, Nocturne, AliFurkan and Cheesburger
- github.com/homelyseven250/rusty-pinger/blob/main/src/main.rs
Episode 14:
00:00 - Intro
02:38 - A New Beginning ...
04:28 - Improved Fly Hack
07:44 - Improved XRay Mod
10:48 - Automatic Farming
13:19 - Trading Bot
16:48 - My New Base
18:01 - The Old Server
19:15 - Community Showcase
20:50 - LeBogo's Placeholder Bot
Minecraft:HACKED youtube.com/playlist?list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJG
OALabs about VPNs: youtube.com/watch?v=hR5YOV__gGk
Chapters:
00:00 - Intro
01:05 - What are IP Addresses?
01:41 - IP Addresses are Public!
02:24 - Router NAT
03:50 - Legal Implication of Shared IPs
04:35 - DS-Lite / Carrier Grade Nat
05:40 - Static IP Address
06:45 - Impact of Leaking an IP
08:05 - Denial of Service Attacks
09:10 - ISP vs. VPN Privacy Implication
11:16 - What is a Privacy Issue?
12:09 - Leaking Minecraft Player IPs
12:59 - "If you care about privacy, don't connect to anything with your IP"
13:55 - IPv4 vs. IPv6
15:02 - Use TOR!
15:48 - Conclusion
16:44 - OALabs Shoutout
Maizuma Games: youtube.com/c/MaizumaGames/videos
WorldGuard: github.com/EngineHub/WorldGuard
HackForums: hackforums.net/showthread.php?tid=5495770
Episode 13:
00:00 - Intro
01:03 - State of Griefing on the Server
04:00 - Research Motivation
05:26 - Building Club Mate Bottle Challenge
06:08 - Challenge Bypasses
08:24 - WorldGuard Region Entry Protection
09:24 - Code Review of Movement Packets
10:49 - Building the Club Mate Fountain Ruin
11:38 - WorldGuard Bypass Showcase
12:11 - Minecraft 1.9 AntiCheat Bypass
12:55 - Should this be fixed?
14:30 - Community Showcase: DarkReaper
Credits/Comments from DarkReaper:
Hack based on: github.com/BleachDev/BleachHack
Special thanks to wagyourtail for optimizing EventlessFly: github.com/wagyourtail
github.com/GreenScripter/sign-restorer
Episode 14 Teaser: youtube.com/watch?v=RlKGdMwwRJg
Full Playlist "The History of XSS": youtube.com/playlist?list=PLhixgUqwRTjyakFK7puB3fHVfXMinqMSi
Hotmail "Attackments": web.archive.org/web/19981205221020/http://because-we-can.com/attackments/default.htm
Which freemail services are safe: web.archive.org/web/19981207041804/http://because-we-can.com:80/all/compare.htm
Article about XSS: web.archive.org/web/19990117001239/http://www.news.com/News/Item/0,4,25792,00.html
Microsoft Press Release: web.archive.org/web/19990117001239/http://www.news.com/News/Item/0,4,25792,00.html
Microsoft XSS FAQ: web.archive.org/web/19990117001239/http://www.news.com/News/Item/0,4,25792,00.html
CA-2000-02: web.archive.org/web/19990117001239/http://www.news.com/News/Item/0,4,25792,00.html
Chapters:
00:00 - Intro and Recap
01:35 - XSS's 10th Birthday
02:51 - Talking to David Ross
03:47 - Cross-frame Security Issues
04:43 - Hotmail ATTACKMENTS
06:40 - Breeding Ground for XSS
08:05 - Microsoft in 1999
09:48 - "Cross-Site Scripting" Name Origin
11:56 - CERT Advisory CA-2000-2
13:30 - Do you remember XSS?
Jabadoo Security Hole in Explorer 4.0: seclists.org/bugtraq/1997/Oct/85
Aleph One on Jabadoo: seclists.org/bugtraq/1997/Oct/87
Georgi Guninski "IE can read local files": seclists.org/bugtraq/1998/Sep/47
Georgi's Resume (HIRE HIM!): https://j.ludost.net/resumegg.pdf
"Cross-frame security policy": seclists.org/bugtraq/2000/Jan/93
Episode 01 - First JS Bug: youtube.com/watch?v=bSJm8-zJTzQ
Episode 02 - Three JS Security Researcher: youtube.com/watch?v=VtcA58555lY
Episode 03:
00:00 - Intro to the "Age of Universal XSS"
01:16 - JavaScript Security in Netscape 1996
01:52 - JScript Vulnerability in Internet Explorer
03:38 - Georgi Guninski: IE can read local files (1998)
05:12 - Who is Georgi Guninski?
06:36 - Georgi Guninski: IE 5 circumventing cross-frame security policy
09:41 - David Ross from Microsoft about Georgi
10:16 - "Cross-Frame" Browser Bugs
11:17 - Universal Cross-Site Scripting
12:15 - Outro
Watch full series: youtube.com/playlist?list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJG
Chunkbase Seed Map: chunkbase.com/apps/seed-map#LiveOverflow61374546
Enjoys Building Spawn House Time-lapse: youtube.com/watch?v=dfPeM2siWOY
The random dev setup video I used: youtube.com/watch?v=YOBt2SABHlM
Cubiomes: github.com/Cubitect/cubiomes
Episode 12:
00:00 - Intro
00:46 - Let's Play: The Item Sorter
02:23 - Let's Play: Exploring Spawn Area
04:05 - Thoughts on the Server Community
04:54 - Let's Play: Plans for the End
05:53 - How I got the LiveOverflow server Seed
06:56 - Tutorial: Defeat The Final Minecraft Level
08:02 - Anti-human Plugin Development
10:09 - How Server Plugins Work
12:41 - Teaser: Jungle Secrets
Bugtraq 1997 - LoVerso: seclists.org/bugtraq/1997/Jun/88
LoVerso Website: web.archive.org/web/19970607122219/http://www.osf.org/~loverso/javascript
LoVerso dir.html PoC: web.archive.org/web/19970607185809/http://www.osf.org/~loverso/javascript/dir.html
Tasty Bits from the Technology Front: web.archive.org/web/19970803213858/http://www.tbtf.com/archive/02-27-96.html
TBTF about Netscape 2.0b3: web.archive.org/web/19970803220511/http://www.tbtf.com/archive/12-02-95.html
Scott Weston on TBTF: web.archive.org/web/19970803220702/http://www.tbtf.com/resource/b2-privacy-bug.html
Bugtraq about Bug Bounty 1995: seclists.org/bugtraq/1995/Oct/12
Episode 01: youtube.com/watch?v=bSJm8-zJTzQ
Episode 03: youtube.com/watch?v=gVblb-QhZa4
Episode 02:
00:00 - Intro
00:45 - First JavaScript Vulnerability
02:00 - John Robert LoVerso
03:19 - First Directory Browse Vulnerability
04:16 - Comparison to My Exploit
05:13 - John Tennyson
05:44 - Tasty Bits from the Technology
06:16 - Netscape's Bug Bounty
06:48 - Scott Weston history stealing
08:12 - The Three Legends of JavaScript Security
08:59 - The Year 1996
09:31 - JavaScript can't claim to be secure
10:25 - ECMAScript: JavaScript Specification
11:13 - Next Episode Teaser
vktec: youtube.com/c/vktec/videos
Minecraft Protocol Vulnerability: youtube.com/watch?v=i-2UgCDdhpM
Minecraft:HACKED Playlist: youtube.com/watch?v=Ekcseve-mOg&list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJG
Episode 11:
00:00 - Let's Play: State of Server
03:56 - Let's Play: Massive Roller Coaster!
06:06 - Brainstorming Force-OP Methods
07:39 - Discovering XSS Payload
09:50 - Debugging Root Cause in JavaScript
11:59 - Scanning for XSS Issues
13:39 - Let's Play: Spawn Griefing Mystery
14:23 - Another Minecraft Protocol 0day!
18:05 - AES/CFB8 Self-Synchronizing
20:26 - Security Research Conclusion
This video is sponsored by Intel and their Project Circuit Breaker: projectcircuitbreaker.com
How to Benchmark Code Execution Times: intel.com/content/dam/www/public/us/en/documents/white-papers/ia-32-ia-64-benchmark-code-execution-paper.pdf
Anders Fogh: https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/
Speculose: arxiv.org/abs/1801.04084
RIDL Paper: mdsattacks.com/files/ridl.pdf
Foreshadow PoC: github.com/gregvish/l1tf-poc/blob/master/doit.c
Sebastian Österlund: https://osterlund.xyz/
Chapters:
00:00 - Intro & Motivation
00:57 - Concept #1: CPU Caches
01:57 - Measure Cache Access Time with rdtscp
05:00 - Concept #2: Out-of-order Execution
06:11 - CPU Pipelining
07:13 - Out-of-order Execution Example
09:19 - CPU Caching + Out-of-order Execution = Attack Idea!!
10:33 - Negative Result: Reading Kernel Memory From User Mode
13:45 - Pandora's Box
14:23 - Interview with Sebastian Österlund
17:24 - Accidental RIDL Discovery
19:31 - NULL Pointer Bug
21:50 - Investigating Root Cause
23:28 - Conclusion
24:24 - Outro
2No2Name (original finder) Zombie AI: youtube.com/watch?v=0HvXMFwaYss
docm77: youtube.com/watch?v=BoVMWNeVLf4&t=2148s
Episode 10:
00:00 - Let's Play: Building Timelapse
01:16 - Code Review vs. Dynamic Testing
02:29 - Example #1: Creeper Farm Code Review
04:10 - Example #2: Fall Damage Dynamic Testing
05:45 - docm77 Zombie Prank on Hermitcraft
06:55 - How to Find The Zombie AI Bug
10:03 - Does it Affect Other Mobs?
11:16 - Other Players on the Server
12:00 - Let's Play: Bee Farm Timelapse
Compiler Explorer: godbolt.org
Decompiler Explorer: dogbolt.org
C code example: github.com/LiveOverflow/liveoverflow_youtube/blob/master/0x05_simple_crackme_intro_assembler/license_1.c
Introducing Decompiler Explorer - https://binary.ninja/2022/07/13/introducing-decompiler-explorer.html
00:00 - Intro
00:23 - Motivation
01:00 - How to c?
02:11 - godbolt Basic Usage
03:40 - Function Call on x64
04:30 - Intel vs ARM assembly
05:22 - godbolt Compiler Options
05:50 - Enable gcc O3 Compiler Optimization
06:35 - Decompiler Explorer dogbolt
07:16 - Comparing Decompiled main()
08:25 - Outro
Cookies Explained: web.archive.org/web/19970605224124/http://help.netscape.com/kb/client/970226-2.html
Netscape 2.0b1 LiveScript: web.archive.org/web/20021212124306/http://wp.netscape.com:80/eng/mozilla/2.0/relnotes/windows-2.0b1.html
Netscape 2.0b2 JavaScript: web.archive.org/web/20041211182909/http://wp.netscape.com/eng/mozilla/2.0/relnotes/windows-2.0b2.html
JavaScript Documentation: web.archive.org/web/19970613234917/http://home.netscape.com/eng/mozilla/2.0/handbook/javascript/index.html
Netscape 2.02 Security Fixes: web.archive.org/web/20030711134218/http://wp.netscape.com/eng/mozilla/2.02/relnotes/windows-2.02Gold.html#Security2
Netscape 3: web.archive.org/web/20020808153106/http://wp.netscape.com:80/eng/mozilla/3.0/handbook/javascript/advtopic.htm#1009533
Bugtraq Java Applet RCE: seclists.org/bugtraq/1996/Jun/27
Donate to Web Archive: archive.org/donate
Chapters:
00:00 - Intro and Motivation
00:43 - How the Internet Works
01:43 - Online Services in 1994/95
03:08 - JavaScript Released in 1995
04:40 - HTML frames and framesets
05:16 - Cross-Domain Attack Example
06:54 - Fixing the Attack
08:00 - The First Web Exploit?
08:37 - The Same Origin Policy (SOP)
09:35 - Historical Context: Crashes, Java Applets, ...
11:06 - Outro and Shoutout
SeedcrackerX: github.com/19MisterX98/SeedcrackerX
Texture Rotation: github.com/19MisterX98/TextureRotations
Mathew Bolan Seedcracking: youtube.com/watch?v=8CKh4x4iK38&list=PLke4P_1UHlmB8sB1oGdcea4SeBH0yZy5B
Episode 09:
00:00 - Intro
00:27 - Reviewing Server Logs
01:53 - Leaking Server IP
03:16 - Other Server Scanning Projects
03:54 - Getting Imprisoned!
05:17 - Escaping the Maze
07:40 - PIN Code Door
08:29 - Jumping Puzzle
09:37 - Failing Final Quiz
10:41 - The Well of Death
12:07 - Seedcracking with SeedcrackerX
13:27 - Attacking Blurry Seed
15:56 - Manual Seedcracking with 19MisterX98
16:37 - Step 1: Copy an Area From Video
18:30 - What is a "Random Seed"
16:37 - Step 2: Finding Coordinates Through Texture Rotation
24:58 - Step 3: Cracking Seed Through Tree Leaves
26:13 - How a Minecraft Tree Generates
26:33 - World Seed, Population Seed, Chunk Seed, ...
32:15 - Text Seed vs. Number Seed
Obviously this video is not legal advice.
I forgot about StGB 263a "Computer Fraud" in this video. It's also interesting to speculate about interpretations; however, it focuses on financial losses and your intention to enrich yourself. So as security researchers it's less applicable, because we don't look for financial gains.
Useful links:
Translated German Criminal Law: https://www.gesetze-im-internet.de/englisch_stgb/
Der Hahn erklärt Cyber-Strafrecht: youtube.com/watch?v=EDqOCxdJSPE
00:00 - Intro and Motivation
01:15 - German Criminal Law
02:57 - StGB 202b - Phishing/MITM
03:55 - StGB 202c - Collecting Credentials
04:33 - StGB 202a - Hacking
04:59 - Example #1: Basic IDOR
06:20 - Example #2: Path Traversal
07:01 - OBTAIN ACCESS to Data
08:25 - Example #3: Minecraft log4shell Scanning
09:30 - Example #4: Technical Limitations?
10:44 - "Vulnerability" or "Exploit" not part of the Law
11:38 - Hacking Attempt is NOT Punishable
12:41 - StGB 202c - Hacking Tools
13:50 - Interpretation by German Federal Court
15:49 - StGB 303a - Data Manipulation
16:50 - StGB 303b - Computer Sabotage
17:13 - Example #5: Hacking a Bank!
18:41 - Hacking with Permissions?
19:50 - Conclusion
Timber Forge: youtube.com/channel/UC606Jh3yjNj40dcVuMwtUCw
McMakistein: youtube.com/user/McMakistein
Information leak in Minecraft 1.8: blog.punkeel.com/2018/09/12/minecraft-18-info-leak
Fuzzing Java: youtube.com/watch?v=kvREvOvSWt4
Chapters:
00:00 - Intro
00:44 - Herobrine's Bunker
03:06 - Researching Creepers
05:16 - SUPER FAST BUILD MODE
06:43 - How Custom Models Work
11:33 - Attack Surface Overview
12:44 - Resource Pack Security Research
20:46 - Open Server Experiment
Log4shell explained: youtube.com/watch?v=w2F67LbEtnk
Log4j in Minecraft by John Hammond: youtube.com/watch?v=7qoPDq41xhQ
limited ldap server by leonjza: github.com/leonjza/log4jpwn/blob/master/pwn.py
Docker Minecraft Server: github.com/itzg/docker-minecraft-server
Episode 07:
00:00 - Intro
01:37 - Let's Play:
05:24 - Building Spider XP Farm
06:05 - Ethical Internet Scanning?
12:20 - Minecraft Hosting Business
19:35 - Log4shell Scan Results
25:45 - Conclusion
This video is sponsored by Google.
The announcement: security.googleblog.com/2022/06/announcing-winners-of-2021-gcp-vrp-prize.html
Winning submissions:
#1 https://www.seblu.de/2021/12/iap-bypass.html ($133,337)
#2 github.com/irsl/gcp-dhcp-takeover-code-exec ($73,331)
#3 mbrancato.github.io/2021/12/28/rce-dataflow.html ($73,331)
#4 irsl.medium.com/the-speckle-umbrella-story-part-2-fcc0193614ea ($31,337)
#5 https://lf.lc/vrp/203177829 ($1001)
#6 docs.google.com/document/d/1-TTCS6fS6kvFUkoJmX4Udr-czQ79lSUVXiWsiAED_bs ($1000)
GCP Prize 2020: youtube.com/watch?v=g-JgA1hvJzA
GCP Prize 2019: youtube.com/watch?v=J2icGMocQds
Google Paid Me to Talk About a Security Issue! youtube.com/watch?v=E-P9USG6kLs
Fuzzing Java to Find Log4j Vulnerability - CVE-2021-45046 youtube.com/watch?v=kvREvOvSWt4
----
00:00 - Intro GCP Prize 2021
01:05 - 6. "Command Injection in Google Cloud Shell" by Ademar Nowasky Junior
03:36 - 5. "Remote code execution in Managed Anthos Service Mesh control plane" by Anthony Weems
08:31 - 4. "The Speckle Umbrella story — part 2" by Imre Rad
11:33 - 3. "Remote Code Execution in Google Cloud Dataflow" by Mike Brancato
15:47 - 2. "Google Compute Engine VM takeover via DHCP flood" by Imre Rad
20:12 - 1. "Bypassing Identity-Aware Proxy" by Sebastian Lutz
22:42 - Summary and Conclusion
23:58 - Outro
Did 2b2t Griefers Just Do The Impossible? youtube.com/watch?v=fvbVnT-RW-U
Griefing Jeb's Private Server w/ Babbaj, orsond, Zetrax, and _Aaron_ youtube.com/watch?v=vrjf33A2Vkc
Maybe jeb_ server grief was fake? youtube.com/watch?v=lk70_G32jvg
Hermitcraft 9 Episode 4: The Base Is DONE! youtube.com/watch?v=6coT21RT7HQ
masscan: github.com/robertdavidgraham/masscan
Mongo Express: github.com/mongo-express/mongo-express
dramatiq: dramatiq.io/guide.html
Episode 06:
00:00 - Let's Play: Building
04:21 - Some Thoughts on Griefing
09:42 - Griefing vs. Reporting Vulnerabilities
11:05 - Building a Minecraft Server Scanner
17:48 - Exploring the Data
19:44 - Griefing Random Servers
24:36 - Let's Play: Iron and Sugarcane Farm
26:18 - Outro
Copyright Music:
C418 - Minecraft Soundtrack
Check out ilmango: youtube.com/c/ilmango
SciCraft: twitter.com/scicraft_
XRay Mod Inspiration: github.com/ate47/Xray
Minecraft Protocol: https://wiki.vg/Protocol_Encryption
AES CFB: en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_feedback_(CFB)
The Bug Report MC-249235: bugs.mojang.com/browse/MC-249235
Episode 05:
00:00 - Intro: ilmango/SciCraft shoutout
01:16 - XRay Mod
02:12 - Let's Play: Mining & Enchantments
05:16 - Mojang to Microsoft Account Migration
11:15 - Let's Play: The Nether
13:42 - Auditing Minecraft Encryption Protocol
16:14 - Attacker Observes Traffic
16:51 - Attacker Controls Malicious Server
21:07 - Auditing AES/CFB8 Encryption
24:00 - Proof of Concept Attack
26:00 - Reporting to Mojang
27:19 - Let's Play: Herobrine
Copyright Music:
C418 - Minecraft Soundtrack
Simple AFK Treasure Fish Farm Concept for 1.19 Sculk Sensor:
youtube.com/watch?v=L-g9ml6wzgM
Easy Carrot & Potato Crop Farm Tutorial | Simply Minecraft (Java Edition 1.17/1.18)
youtube.com/watch?v=A8DQYpk5944
MrTroot/autofish github.com/MrTroot/autofish
Trolling 2b2t Players with a "Magic Carpet" youtube.com/watch?v=Ze9a-I-kFt4
Episode 04:
00:00 - Intro
01:23 - AFK Fishing Farm Explained
05:30 - Let's Play: Villager Breeder & Potato Farm
07:00 - The Scientific Method
10:27 - Inventing a 1.19 AFK Fish Farm
12:25 - Developing AutoFish Mod
18:14 - Bypassing Server Flying Detection
23:32 - Flying without Elytra!
24:52 - Outro
Music:
C418 - Minecraft Soundtrack
Fabric Example Mod: github.com/FabricMC/fabric-example-mod
Mixin Examples: fabricmc.net/wiki/tutorial:mixin_examples
Mixin Wiki: github.com/SpongePowered/Mixin/wiki
Shulker Dupe mod by 0x3C50: github.com/Coderx-Gamer/shulker-dupe
FredOverflow: youtube.com/watch?v=WPDV3LgUL2E
Episode 03:
00:00 - Let's Play: Enderpearl Glitch
02:10 - Let's Play: Caving
04:07 - What is Cheating?
14:00 - How to Code Client Mods
15:30 - Hacks: Java Bytecode Modification
21:15 - Let's Play: Return to Surface
Music:
C418 - Sweden
Nullcon: nullcon.net/berlin-2022
Card game: thecodeck.com
Magic Word Writeup: ctftime.org/writeup/33233
advertisement: This video is labeled as an ad, but this video was not sponsored by nullcon. I just do it to make sure German regulators cannot complain.
Paper Server: github.com/PaperMC/Paper
Minecraft EULA: minecraft.net/en-us/eula
Fabric Intermediary Mappings: github.com/FabricMC/intermediary
Fabric Yarn Mappings: github.com/FabricMC/yarn/tree/1.18.2-pre3/mappings/net/minecraft
Grab the files: github.com/LiveOverflow/minecraft-hacked
Minecraft:HACKED Playlist: youtube.com/playlist?list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJG
Episode 02:
00:00 - Let's Play: Map Exploration
02:47 - How Does Minecraft Help With Hacking?
06:06 - Introduction to Minecraft Servers
09:13 - Minecraft Reverse Engineering
17:03 - Let's Play: The Return to Base
Music:
C418 - Minecraft Soundtrack
Disclaimer: This is not an ad, I'm not French, I have no stake in this election, I just love Minecraft.
The Minecraft:HACKED Playlist: youtube.com/playlist?list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJG
Grab the files: github.com/LiveOverflow/minecraft-hacked
I know this is a weird video for this channel, but it was really fun to combine Minecraft storytelling with technical tutorials. The result is a very unique hacking tutorial that hopefully can reach lots of new people. I hope you enjoy it!
Game Hacking Pwn Adventure Series: youtube.com/playlist?list=PLhixgUqwRTjzzBeFSHXrw9DnQtssdAwgG
Devlog Hacking Game: youtube.com/playlist?list=PLhixgUqwRTjwrqAY_YDWllMw4e5E89E3x
Quarry: github.com/barneygale/quarry
The Minecraft:HACKED Playlist: youtube.com/playlist?list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJG
Grab the files: github.com/LiveOverflow/minecraft-hacked
Episode 01:
00:00 - Let's Play: The Spawn
02:24 - About This Project
06:33 - Let's Play: First Adventure
08:20 - Motivation to Research the Protocol
10:21 - Setup Local Server
13:17 - Network Protocol Analysis
Copyright Music:
C418 - Sweden
In 2012 I came across my first hacking CTF. Stripe organized a Capture the Flag competition with 6 levels to learn about different vulnerabilities. This is where it all started for me.
Cyber Security Challenge Germany: https://cscg.live
NFITS donations: https://nfits.de/spenden/
Stripe CTF Announcement stripe.com/blog/capture-the-flag
CTF Wrap Up web.archive.org/web/20120531152105/stripe.com/blog/capture-the-flag-wrap-up
Files/Sources: github.com/stripe-ctf/stripe-ctf
io.smashthestack: io.netgarage.org
ey! Look for patterns youtube.com/watch?v=Jpaq0QkepgA
Sudo Exploit Walkthrough youtube.com/watch?v=TLa2VqcGGEQ&list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx
GitLab 11.4.7 Remote Code Execution - Real World CTF 2018 youtube.com/watch?v=LrLJuyAdoAg
Chapters:
00:00 - Background Story
01:27 - The StripeCTF Blogpost
03:11 - Setting up StripeCTF VM
04:01 - level01: system()
05:50 - level02: PHP Path Traversal
07:10 - level03: Array OOB
10:57 - level04: Buffer Overflow
14:13 - level05: Python Pickle
17:04 - level06: Timing Attack
19:28 - CTF Playing vs. Reading Writeups
20:57 - level06: Blocked I/O
24:21 - Reflecting on the CTF
26:02 - Cyber Security Challenge Germany
28:03 - To Be Continued...
Find the full playlist with videos for Google here: youtube.com/playlist?list=PLY-vqlMAnJ9bGoI82H1BB8BE4A8H2OCA-
Chapters:
00:00 - Background Info
03:11 - Intro
03:53 - HTTP Security Header Overview
04:38 - Example #1: X-Frame-Options
06:43 - Example #2: Content-Security-Policy (CSP)
08:16 - Example #3: Strict-Transport-Security (HSTS)
10:44 - Example #4: Cross-Origin Resource Sharing (CORS)
13:12 - Example #5: Cookie Security Flags (HttpOnly)
14:25 - Summary
15:23 - Outro
*advertisement because the video was originally produced for Google: bughunters.google.com/learn/videos/5956774821363712/bug-hunter-university-videos
CVE-2022-24112: seclists.org/oss-sec/2022/q1/133
GitLab: liveoverflow.com/gitlab-11-4-7-remote-code-execution-real-world-ctf-2018
Challenge files: github.com/chaitin/Real-World-CTF-4th-Challenge-Attachments/tree/master/API6
Chapters:
00:00 - Intro
01:09 - Initial Application Overview
02:15 - Discussing Approaches
03:56 - Reading Documentation
04:57 - Initial Attack Idea
06:15 - Identifying Attack Surface
08:46 - Discovering Batch Requests
09:18 - Bypassing X-Real-IP Header
10:15 - Testing the Exploit
11:11 - Reporting the Issue
12:16 - Outro
Alternative writeups: github.com/voidfyoo/rwctf-4th-desperate-cat/tree/main/writeup
Fuzzing log4j with Jazzer: youtube.com/watch?v=kvREvOvSWt4
Grab the files: github.com/LiveOverflow/pwnedit
Grab the iso: old-releases.ubuntu.com/releases/20.04
Full Playlist: youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx
Second Channel: youtube.com/c/LiveUnderflow
Twitch: twitch.tv/liveoverflow
Episode 17:
00:00 - Intro
00:42 - Ubuntu VM Setup
02:09 - Fuzzing sudoedit
02:51 - Revisiting an Old Issue
04:11 - Exploring _tsearch Crashes
06:49 - Creating PoC Exploit
08:22 - Minimize and Testing Exploit
09:06 - Fuzzing Statistics
10:48 - Conclusion
11:52 - Outro
Jazzer Java Fuzzer: github.com/CodeIntelligenceTesting/jazzer
Anthony Weems: twitter.com/amlweems
00:00 - Intro
00:54 - Chapter #1: The New CVE
03:38 - Chapter #2: Disable Lookups
05:43 - Chapter #3: Vulnerable log4j Configs
07:52 - Chapter #4: The Remote Code Execution
10:53 - Chapter #5: Parser Differential
12:57 - Chapter #6: Differential Fuzzing
16:07 - Chapter #7: macOS Only
18:15 - Chapter #8: Increase Impact
19:03 - Summary
19:58 - Outro
Grab the files: github.com/LiveOverflow/pwnedit
Episode 16:
00:00 - Intro
00:23 - How To Debug The Failing Exploit?
00:49 - Core Dumps
01:49 - Wait in Execution Wrapper to Attach gdb
02:28 - Difference Running sudoedit as root vs. user?
03:00 - Option 1: Bruteforce Offsets Perfectly
03:38 - Option 2: Fengshui as user
04:18 - Option 3: Analyze Our Failing Crash
04:48 - Comparing Option 1 vs. 2
05:45 - Implementing Option 1
07:56 - Implementing Option 2
09:16 - Running Option 2
10:03 - It Doesn't Work in Docker
11:11 - Outro
Grab the files: github.com/LiveOverflow/pwnedit
dlopen man page: man7.org/linux/man-pages/man3/dlopen.3.html
Complete playlist: studio.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/playlists
Episode 15:
00:00 - Intro
00:27 - Recap of Library Loading Exploit Idea
01:45 - Debug a Different Crash
02:28 - Can We Reach dlopen?
03:37 - Using Patterns to find Offsets
05:05 - Writing NULL bytes
05:54 - Create Execution Wrapper sudoenv
07:52 - Debugging the Debug Script
09:00 - Controlling The ni Struct
10:18 - Single Step Exploit Code
11:33 - Create Attack Shared Library
12:17 - First Successful Exploit?
12:58 - Doesn't Work for User
13:16 - Outro
Grab the files: github.com/LiveOverflow/pwnedit
Read libc Code: elixir.bootlin.com/glibc/glibc-2.31/source
Episode 14:
00:00 - Intro
00:22 - Select Testcases For Crash Analysis
01:19 - Debug Crash in gdb
02:02 - Code Examples from grep.app
02:53 - Reading libc Source Code
04:43 - Learning about nss
05:29 - Reaching nss_lookup
06:00 - The service_user Struct ni
07:55 - nss_lookup_function
08:57 - The Crash Reason
09:58 - Exploit Brainstorming
10:57 - Outro
Part 1 - Hackers vs. Developers // CVE-2021-44228 Log4Shell: youtube.com/watch?v=w2F67LbEtnk
My lamest GitHub repo ever: github.com/LiveOverflow/log4shell
--
00:00 - Intro
00:38 - Chapter #1: Log4j Lookups in Depth Debugging
03:50 - Log Layout Formatters
06:56 - Chapter #2: Secure Software Design
09:21 - Chapter #3: Format String Vulnerabilities
13:58 - Chapter #4: noLookups Mitigation
15:15 - Final Words
15:42 - Outro
Log4j Issues:
2013: issues.apache.org/jira/browse/LOG4J2-313
2014: issues.apache.org/jira/browse/LOG4J2-905
2017: issues.apache.org/jira/browse/LOG4J2-2109
Log4j 2 Security: logging.apache.org/log4j/2.x/security.html
German Government Warning: https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2021/2021-549032-10F2.pdf?__blob=publicationFile&v=3
Cloudflare: blog.cloudflare.com/exploitation-of-cve-2021-44228-before-public-disclosure-and-evolution-of-waf-evasion-patterns
A JOURNEY FROM JNDI/LDAP MANIPULATION TO REMOTE CODE EXECUTION DREAM LAND: blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf
whitepaper: blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf
---
00:00 - Intro
01:05 - BugBounty Public Service Announcement
02:23 - Chapter #1: Log4j 2
03:38 - Log4j Lookups
04:15 - Chapter #2: JNDI
06:01 - JNDI vs. Log4j
06:35 - Chapter #3: Log4Shell Timeline
07:33 - Developer Experiences Unexpected Lookups
09:51 - The Discovery of Log4Shell in 2021
11:08 - Chapter #4: The 2016 JNDI Security Research
11:56 - Java Serialized Object Features
13:27 - Why Was The Security Research Ignored?
14:44 - Chapter #5: Security Research vs. Software Engineering
16:49 - Final Words and Outlook to Part 2
17:23 - Outro
Complete Playlist: youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx
Grab the files: github.com/LiveOverflow/pwnedit (sorry, repo is a bit behind the videos)
Homework libc source code: elixir.bootlin.com/glibc/glibc-2.31/source
Episode 13:
00:00 - Intro
00:36 - Recap of Episode 12
01:16 - Interpret Fuzzing Results | fengshui3
03:05 - Reproduction Script poc.py
04:16 - Heap Object Information not Useful
05:10 - Collect More Data on Crashes | fengshui4
05:32 - Looking at Crashes
06:35 - Interesting Crash in nss_lookup_function
07:00 - Homework
advertisement: this video was commissioned by the Google Vulnerability Rewards Program for their site bughunters.google.com
watch all BHU videos here: youtube.com/playlist?list=PLY-vqlMAnJ9bGoI82H1BB8BE4A8H2OCA-
00:00 - Intro
00:33 - Authentication vs. Authentication
02:04 - Complex Systems with Permissions and Roles
02:42 - Example #1: Permission Complexity
04:16 - "Fixes" for Authorization Bugs
04:48 - Roles vs. Permissions
05:53 - What are Authorization Bugs?
06:52 - Example #2: Confusing Invalid Auth "Bugs"
08:22 - Summary
Complete Playlist: youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx
Grab the files: github.com/LiveOverflow/pwnedit (sorry, repo is a bit behind the videos)
gef for gdb: github.com/hugsy/gef
Episode 12:
00:00 - Intro
00:12 - How to Find Controllable Heap Allocations?
00:50 - Tracing free()!
01:21 - Finding Recognizable Strings on the Heap
01:58 - More Environment Variables
03:26 - fengshui2.py Script Changes
04:19 - Wrong Rabbit Hole...
05:20 - Some Other Research Attempts
06:47 - (gdb) gef Extension - Analyse the Heap Objects
09:03 - Heap Tracing Results
09:51 - Developing fengshui3.py
10:52 - First Peek at Script Results
You should worry more about Phishing: youtube.com/watch?v=NWtm4X6L_Cs
@steventseeley: twitter.com/steventseeley
@s1guza: twitter.com/s1guza
@itszn13: twitter.com/itszn13
@xerub: twitter.com/xerub
@gf_256: twitter.com/gf_256 / youtube.com/channel/UCmYAXMxue6UdEPfAPxA0E8w
---
00:00 - Can Every Device Get Hacked?
00:53 - Collaboration
02:24 - Law of Security: The More Complexity, The More Insecure
03:20 - Proof #1: Zerodium
04:55 - Proof #2: Phone Vendor Security Updates
05:33 - Proof #3: Hacking Competitions
06:28 - "Can You Find The Vulnerabilities Alone?"
09:27 - "Weaponized" (or Operationalized) Exploits
10:35 - The Original Question Is Useless
11:18 - Risk Of Your Device Getting Hacked?
12:32 - The Economics Of The Attacker
14:30 - Who Should Be Worried About 0days?
15:11 - Attack On Security Researchers
16:06 - What Can You Do Against Hackers?
18:15 - Trick Against Smartphone Hacking
19:22 - Summary and Conclusion
21:21 - Outro
Challenge Files: github.com/LiveOverflow/ctf-cryptowaf
Walkthrough: youtube.com/watch?v=ZKrABs-N9wA
BugBountyReportsExplained: youtube.com/c/BugBountyReportsExplained
00:00 - Intro
01:33 - Background Story
02:55 - What is CryptoWAF?
04:16 - Implementing Encryption
05:06 - Encryption Challenges
06:59 - Implementing Decryption
07:02 - Design Flaw
08:26 - Exploiting the Design Flaw
09:06 - Leaking Database
10:04 - WAF Bypass
11:04 - Conclusion
12:07 - Outro
Complete Playlist: youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx
Grab the files: github.com/LiveOverflow/pwnedit
Episode 11:
00:00 - Intro
00:40 - The Research Plan
02:09 - Collecting Heap Information
02:40 - Testing the "Instrumentation" - First Problem
04:00 - Understanding Heap Information Output
04:34 - Heap Fragmentation Explained
05:10 - Which Inputs to Control?
05:35 - Writing the Fuzzing Heap Layouts Scripts
07:37 - Development Challenges
08:28 - The Script Results!
09:30 - Outro
The article can be read here: http://phrack.org/issues/70/15.html#article
--=[ Missing parts:
1. Remember the hacking videos without audio using notepad to communicate? That's definitely a part of the history that should have been included in this article.
--=[ References:
How SUDO on Linux was HACKED! // CVE-2021-3156
youtu.be/TLa2VqcGGEQ?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx
XSS on Google Search - Sanitizing HTML in The Client?
youtube.com/watch?v=lG7U3fuNw3A
Identify Bootloader main() and find Button Press Handler
youtu.be/yJbnsMKkRUs?list=PLhixgUqwRTjyLgF4x-ZLVFL-CRTCrUo03
[0] Lenas Reversing for Newbies (2006) web.archive.org/web/20070524043123/http://www.tuts4you.com/download.php?list.17
[1] thebroken by Kevin Rose archive.org/details/thebroken_xvid
[2] Hak5 - Episode #1 youtube.com/watch?v=SUEXCCWMfXg
[3] Notacon 2007 Part 1 youtube.com/watch?v=HXSZ4PRLUDU
[4] CSAW CTF challenge 2.exe, 3.exe and 4.exe flag retrieval youtube.com/watch?v=_Ld1cD9d7tI
[5] Beginner Challenge #1... youtube.com/watch?v=tdqJ8NEcJUM
[6] Phrack issue #69 - International scenes
[7] reddit.com/r/WatchPeopleCode
[8] livectf REDEMPTION by geohot 7/27/2014 youtube.com/watch?v=td1KEUhlSuk
[9] Let's Hack Livestream - exploit-exercises.com (2015) youtube.com/watch?v=HBnPY77JtqY
[10] The Heap: dlmalloc unlink() exploit - bin 0x18 youtube.com/watch?v=HWhzH--89UQ
[11] Hacking Livestream #1: ReRe and EZPZP youtube.com/watch?v=XWozhb1ZOyM
[12] Life of an Exploit: Fuzzing PDFCrack with AFL for 0days youtube.com/watch?v=8VLNPIIgKbQ
[13] HackTheBox - Popcorn youtube.com/watch?v=NMGsnPSm8iw
[14] Live CTF v2: ... youtube.com/watch?v=D7uXE_lEzxI
[15] SMT in reverse engineering, for dummies youtu.be/b92CW-NZ3l0
[16] GoogleCTF - XSS "Pasteurize" youtu.be/voO6wu_58Ew
[17] Hacking into Google's Network for $133337 youtu.be/g-JgA1hvJzA
[18] support.google.com/youtube/answer/2801964?hl=en
[19] Data breaches, phishing, or malware? Understanding the risks of stolen credentials dl.acm.org/doi/abs/10.1145/3133956.3134067
[20] Zero to Hero Pentesting youtu.be/qlK174d_uu8?list=PLLKT__MCUeiwBa7d7F_vN1GUwz_2TmVQj
[21] How the Apple AirTags were hacked youtu.be/_E0PWQvW-14
[22] FuzzOS: Day 1, starting the OS youtu.be/2YAgDJTs9So
[23] How We Hacked a TP-Link Router and Took Home $55,000 in Pwn2Own youtube.com/watch?v=zjafMP7EgEA
[24] tiktok.com/@malwaretech
--=[ Chapters:
00:00 - Intro
00:21 - 0. About the Author
00:50 - 1. Preamble
02:00 - 2. Before 2014
04:40 - 3. My Start in 2015
08:50 - 4. Today's Scene
15:50 - 5. Final Words
16:39 - Some Thoughts
20:06 - Outro
Check out @PwnFunction's excellent YouTube channel!
Read the article here: bughunters.google.com/learn/improving-your-reports/avoiding-mistakes/6082745027264512
-=[ ❤️ Support ]=-
→ per Video: patreon.com/join/liveoverflow
→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: twitter.com/LiveOverflow
→ Website: liveoverflow.com
→ Subreddit: reddit.com/r/LiveOverflow
→ Facebook: facebook.com/LiveOverflow
Complete playlist:
youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx
Grab the files: github.com/LiveOverflow/pwnedit
Episode 10:
00:00 - Intro
00:46 - Research Idea
01:29 - Collecting Data
02:20 - Developing Python Script
03:34 - Finding Potential Function Pointers
04:01 - Verify if pointers are usable
05:07 - Function Pointer Candidate #1
05:58 - Function Pointer Candidate #2
06:47 - Evaluate the Research Methodology
08:00 - What's Next?
This was a challenge called `Montagy` from the Real World CTF 2019 competition.
Even though this was part of a competition, the methodology and technologies used are the tools used in real-life Ethereum hacking as well.
More Ethereum hacking:
- Ethereum Smart Contract Hacking #1 - Real World CTF 2018: youtube.com/watch?v=ozqOlUVKL1s
- Jump Oriented Programming: Ethereum Smart Contract #2 - Real World CTF 2018: youtube.com/watch?v=RfL3FcnVbJg
- Ethereum Smart Contract Backdoored Using Malicious Constructor: youtube.com/watch?v=WP-EnGhIYEc
00:00:00 - Backstory
00:03:58 - Smart Contract Challenge Overview
00:20:17 - Blockchain Transaction Investigation
00:22:13 - Rough Plan & Research Setup
00:34:27 - Looking more into the Contracts
00:41:18 - Debugging with remix
01:08:43 - What we learned so far
01:09:31 - Researching custom hash
01:34:26 - Breaking hash algorithm with z3
02:02:37 - Realizing winning condition is different...
02:03:20 - Developing exploit pwn.js
02:15:10 - Exploit doesn't work... debugging.
02:31:30 - Exploit finally works
02:33:55 - Sending Exploit to the Team in China
02:35:05 - The Flag
02:36:10 - Opinion and Conclusion
Grab the files: github.com/LiveOverflow/pwnedit
We made the thumbnail together on stream: youtube.com/watch?v=71h-AqXut7A
Episode 09:
00:00 - Intro
00:35 - Option 1: Exploit Heap Metadata
02:42 - Option 2: Exploit Data on Heap
04:18 - Heap Feng Shui
06:04 - Failure...?
07:04 - We Could Fuzz the Heap
08:08 - To Be Continued...