Why Pick sudo as Research Target? | Ep. 01 @LiveOverflow

LiveOverflow | Why Pick sudo as Research Target? | Ep. 01 @LiveOverflow | Uploaded 3 years ago | Updated 6 hours ago
Recently a serious vulnerability in sudo was announced. But how can people even find these kind of bugs? Let's talk about why we would want to look for vulnerabilities in sudo, and how we could do that. We then try to setup afl, but fail... well... this will take a while

liveoverflow.com/support

Text Version: liveoverflow.com/why-pick-sudo-research-target-part-1
GitHub: github.com/LiveOverflow/pwnedit/tree/main/episode01
Full Playlist: youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx

Episode 01:
00:00 - Intro
01:48 - Prepare the System
03:57 - How to Pick a Research Target?
05:57 - Choose the Strategy: Fuzzing
09:27 - Fuzzing argv[] With AFL
13:00 - Running Into the Next AFL Problem
14:51 - Outro

-=[ ❤️ Support ]=-

→ per Video: patreon.com/join/liveoverflow
→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: twitter.com/LiveOverflow
→ Website: liveoverflow.com
→ Subreddit: reddit.com/r/LiveOverflow
→ Facebook: facebook.com/LiveOverflow

Design Flaw in Security Product - ALLES! CTF 2021

The fakeobj() Primitive: Turning an Address Leak into a Memory Corruption

Log4j Vulnerability (Log4Shell) Explained // CVE-2021-44228

Defusing a Bomb at Google London HQ - Having a Blast Google CTF Finals 2019 (hardware)

Does Hacking Require Programming Skills?

How The RIDL CPU Vulnerability Was Found

Finding Player and Camera Position for Fly Hack - Pwn Adventure 3

Hacking Browsers - Setup and Debug JavaScriptCore / WebKit

Finding 0day in Apache APISIX During CTF (CVE-2022-24112)

My Life in Short/Shirt Stories - The Time I Learned PenSpinning (~2007-2009) - Shirt Stories #1