Log4j Vulnerability (Log4Shell) Explained // CVE-2021-44228 LiveOverflow 2021-12-17 | Let's try to make sense of the Log4j vulnerability called Log4Shell. First we look at the Log4j features and JNDI, and then we explore the history of the recent log4shell vulnerability. This is part 1 of a two part series into log4j.Log4j Issues:2013: issues.apache.org/jira/browse/LOG4J2-3132014: issues.apache.org/jira/browse/LOG4J2-9052017: issues.apache.org/jira/browse/LOG4J2-2109Log4j 2 Security: logging.apache.org/log4j/2.x/security.htmlGerman Government Warning: https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2021/2021-549032-10F2.pdf?__blob=publicationFile&v=3Cloudflare: blog.cloudflare.com/exploitation-of-cve-2021-44228-before-public-disclosure-and-evolution-of-waf-evasion-patternsA JOURNEY FROM JNDI/LDAPMANIPULATION TO REMOTE CODEEXECUTION DREAM LAND: blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdfwhitepaper: blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf---00:00 - Intro01:05 - BugBounty Public Service Announcement02:23 - Chapter #1: Log4j 203:38 - Log4j Lookups04:15 - Chapter #2: JNDI06:01 - JNDI vs. Log4j06:35 - Chapter #3: Log4Shell Timeline07:33 - Developer Experiences Unexpected Lookups09:51 - The Discovery of Log4Shell in 202111:08 - Chapter #4: The 2016 JNDI Security Research11:56 - Java Serialized Object Features13:27 - Why Was The Security Research Ignored?14:44 - Chapter #5: Security Research vs. Software Engineering16:49 - Final Words and Outlook to Part 217:23 - Outro-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Minecraft Reach Hack LiveOverflow 2022-11-28 | Let's talk about how we can implement a reach hack in minecraft. After knowing how it works, it seems so obvious. But it took me over 14h to figure out myself :DMinecraft Protocol: https://wiki.vg/Protocol#Set_Player_PositionCommunity Showcase: EnderKill98Watch the full playlist: youtube.com/playlist?list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJGEpisode 18:00:00 - Intro TPAura / InfAura00:51 - Basic Reach Hack01:59 - Other Player's PoV02:42 - Extended Reach Attack04:03 - Basic Implementation Walkthrough05:04 - Why Stupid Names for Hacks?!05:21 - Teleport Challenge: The Vault07:23 - EnderKill98-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Cat Coordinate Exploit 1.19.2 LiveOverflow 2022-11-20 | I tried to hide a new base far away, but players quickly found it. Let me tell you how they did it.Shoutout to TP-Overflow: P1x3lPro (found cat exploit), Overlord2036, Enderkill98, 7H3, MonkeySaint, 19MisterX98Community Showcase: DarkMetalMouseWatch the full playlist: youtube.com/playlist?list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJGEpisode 17:00:00 - Intro00:24 - 1.19.2 Demo Mode01:00 - Let's Play: New Base Storage Area03:44 - Hopper Sorter Plugin06:08 - Reach Hack Showcase09:24 - Let's Play: Minecart System11:14 - Cats in Minecraft are Evil12:23 - Tamed Cat AI Behavior Exploit17:14 - Look Direction Triangulation19:38 - Environments: Snowball Challenge21:48 - Community Showcase: DarkMetalMouse Coordinate Cracking-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
What is a Server? (Deepdive) LiveOverflow 2022-11-10 | With this video I explain my ~17y/o self what a "Server" is. We look at server software and servers in datacenters to understand how the word is used.Chapters:00:00 - Intro to "What is a Server?"00:47 - Wikipedia Server Definition01:42 - Game Servers02:50 - Client and Server Communication04:30 - Web Servers05:10 - A Server is just a Program06:38 - A Server is just a Computer08:30 - Server Hardware10:10 - What is Server Software?11:54 - Servers are Everywhere14:00 - Related Terms and Thought Experiment17:04 - Outro=[ ❤️ Support ]=→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join=[ 🐕 Social ]=→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Server Griefed and New Beginnings ... LiveOverflow 2022-10-31 | I was bullied and kicked out. So I traveled very very far away to establish a new base. In the process I moved the world from 1.18.2 to 1.19.2, forcing everybody to upgrade their hacks and find the new IP. But can you also find my new base?Episode 9 Seedcracking: youtube.com/watch?v=gSxcDYCK_lY&list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJG&index=11Watch the full playlist: youtube.com/playlist?list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJGShowcase: LeBogo, Philipp_DE, Nocturne, AliFurkan and Cheesburger- github.com/homelyseven250/rusty-pinger/blob/main/src/main.rsEpisode 14:00:00 - Intro02:38 - A New Beginning ...04:28 - Improved Fly Hack07:44 - Improved XRay Mod10:48 - Automatic Farming13:19 - Trading Bot16:48 - My New Base18:01 - The Old Server19:15 - Community Showcase20:50 - LeBogo's Placeholder Bot-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
I Leaked My IP Address! LiveOverflow 2022-10-21 | How bad is it to leak your IP address? VPN providers want us to believe it is dangerous, but I wanted to share my thoughts on the matter.Minecraft:HACKED youtube.com/playlist?list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJGOALabs about VPNs: youtube.com/watch?v=hR5YOV__gGkChapters:00:00 - Intro01:05 - What are IP Addresses?01:41 - IP Addresses are Public!02:24 - Router NAT03:50 - Legal Implication of Shared IPs04:35 - DS-Lite / Carrier Grade Nat05:40 - Static IP Address06:45 - Impact of Leaking an IP08:05 - Denial of Service Attacks09:10 - ISP vs. VPN Privacy Implication11:16 - What is a Privacy Issue?12:09 - Leaking Minecraft Player IPs12:59 - "If you care about privacy, don't connect to anything with your IP"13:55 - IPv4 vs. IPv615:02 - Use TOR!15:48 - Conclusion16:44 - OALabs Shoutout-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
WorldGuard Bypass LiveOverflow 2022-10-12 | Telling the story how code review lead to the discovery of a common mistake plugin developers make. It also affects worldguard. However is it really worth fixing?Maizuma Games: youtube.com/c/MaizumaGames/videosWorldGuard: github.com/EngineHub/WorldGuardHackForums: hackforums.net/showthread.php?tid=5495770Episode 13:00:00 - Intro01:03 - State of Griefing on the Server04:00 - Research Motivation05:26 - Building Club Mate Bottle Challenge06:08 - Challenge Bypasses08:24 - WorldGuard Region Entry Protection09:24 - Code Review of Movement Packets10:49 - Building the Club Mate Fountain Ruin11:38 - WorldGuard Bypass Showcase12:11 - Minecraft 1.9 AntiCheat Bypass12:55 - Should this be fixed?14:30 - Community Showcase: DarkReaperCredits/Comments from DarkReaper:Hack based on: github.com/BleachDev/BleachHackSpecial thanks to wagyourtail for optimizing EventlessFly: github.com/wagyourtail github.com/GreenScripter/sign-restorerEpisode 14 Teaser: youtube.com/watch?v=RlKGdMwwRJg-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
The Origin of Cross-Site Scripting (XSS) - Hacker Etymology LiveOverflow 2022-10-03 | Why is it called "XSS"? Where does it come from and who influenced this type of website vulnerability?Full Playlist "The History of XSS": youtube.com/playlist?list=PLhixgUqwRTjyakFK7puB3fHVfXMinqMSiHotmail "Attackments": web.archive.org/web/19981205221020/http://because-we-can.com/attackments/default.htmWhich freemail services are safe: web.archive.org/web/19981207041804/http://because-we-can.com:80/all/compare.htmArticle about XSS: web.archive.org/web/19990117001239/http://www.news.com/News/Item/0,4,25792,00.html ; web.archive.org/web/19990117001239/http://www.news.com/News/Item/0,4,25792,00.htmlMicrosoft Press Release: web.archive.org/web/19990117001239/http://www.news.com/News/Item/0,4,25792,00.htmlMicrosoft XSS FAQ: web.archive.org/web/19990117001239/http://www.news.com/News/Item/0,4,25792,00.htmlCA-2000-02: web.archive.org/web/19990117001239/http://www.news.com/News/Item/0,4,25792,00.htmlChapters:00:00 - Intro and Recap01:35 - XSS's 10th Birthday02:51 - Talking to David Ross03:47 - Cross-frame Security Issues04:43 - Hotmail ATTACKMENTS06:40 - Breeding Ground for XSS08:05 - Microsoft in 199909:48 - "Cross-Site Scripting" Name Origin11:56 - CERT Advisory CA-2000-213:30 - Do you remember XSS?=[ ❤️ Support ]=→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join=[ 🐕 Social ]=→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
The Age of Universal XSS LiveOverflow 2022-09-23 | In August 1996, Internet Explorer joined the JavaScript security scene after they added JScript. During this era from around 1996-2000, tons of bugs were found what we would call today "Universal Cross-site Scripting". I find this word confusing, but looking back at the history, we can try to make sense of it.Jabadoo Security Hole in Explorer 4.0: seclists.org/bugtraq/1997/Oct/85Aleph One on Jabadoo: seclists.org/bugtraq/1997/Oct/87Georgi Guninski "IE can read local files": seclists.org/bugtraq/1998/Sep/47Georgi's Resume (HIRE HIM!): https://j.ludost.net/resumegg.pdf"Cross-frame security policy": seclists.org/bugtraq/2000/Jan/93Episode 01 - First JS Bug: youtube.com/watch?v=bSJm8-zJTzQEpisode 02 - Three JS Security Researcher: youtube.com/watch?v=VtcA58555lYEpisode 03:00:00 - Intro to the "Age of Universal XSS"01:16 - JavaScript Security in Netscape 199601:52 - JScript Vulnerability in Internet Explorer 03:38 - Georgi Guninski: IE can read local files (1998)05:12 - Who is Georgi Guninski?06:36 - Georgi Guninski: IE 5 circumventing cross-frame security policy09:41 - David Ross from Microsoft about Georgi10:16 - "Cross-Frame" Browser Bugs11:17 - Universal Cross-Site Scripting12:15 - Outro-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
The End Of Humans In Minecraft LiveOverflow 2022-09-13 | Hackers keep finding my server and ruin everything. Maybe it's time to end it.Watch full series: youtube.com/playlist?list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJGChunkbase Seed Map: chunkbase.com/apps/seed-map#LiveOverflow61374546Enjoys Building Spawn House Time-lapse: youtube.com/watch?v=dfPeM2siWOYThe random dev setup video I used: youtube.com/watch?v=YOBt2SABHlMCubiomes: github.com/Cubitect/cubiomesEpisode 12:00:00 - Intro00:46 - Let's Play: The Item Sorter02:23 - Let's Play: Exploring Spawn Area04:05 - Thoughts on the Server Community04:54 - Let's Play: Plans for the End05:53 - How I got the LiveOverflow server Seed06:56 - Tutorial: Defeat The Final Minecraft Level08:02 - Anti-human Plugin Development10:09 - How Server Plugins Work12:41 - Teaser: Jungle Secrets=[ ❤️ Support ]=→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join=[ 🐕 Social ]=→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
The Three JavaScript Hacking Legends LiveOverflow 2022-09-04 | In this video we talk about the first JavaScript vulnerabilities in 1997, and how the field was dominated by three "XSS" legends.Bugtraq 1997 - LoVerso: seclists.org/bugtraq/1997/Jun/88LoVerso Website: web.archive.org/web/19970607122219/http://www.osf.org/~loverso/javascriptLoVerso dir.html PoC: web.archive.org/web/19970607185809/http://www.osf.org/~loverso/javascript/dir.htmlTasty Bits from the Technology Front: web.archive.org/web/19970803213858/http://www.tbtf.com/archive/02-27-96.htmlTBTF about Netscae 2.0b3: web.archive.org/web/19970803220511/http://www.tbtf.com/archive/12-02-95.htmlScott Weston on TBTF: web.archive.org/web/19970803220702/http://www.tbtf.com/resource/b2-privacy-bug.htmlBugtraq about Bug Bounty 1995: seclists.org/bugtraq/1995/Oct/12Episode 01: youtube.com/watch?v=bSJm8-zJTzQEpisode 03: youtube.com/watch?v=gVblb-QhZa4Episode 02:00:00 - Intro00:45 - First JavaScript Vulnerability02:00 - John Robert LoVerso03:19 - First Directory Browse Vulnerability04:16 - Comparison to My Exploit05:13 - John Tennyson05:44 - Tasty Bits from the Technology06:16 - Netscape's Bug Bounty06:48 - Scott Weston history stealing08:12 - The Three Legends of JavaScript Security 08:59 - The Year 199609:31 - JavaScript can't claim to be secure10:25 - ECMAScript: JavaScript Specification 11:13 - Next Episode Teaser-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Minecraft Force-OP Exploit! LiveOverflow 2022-08-25 | We investigate how Herobrine got OP on my server and we look back at the network protocol vulnerability I reported in march.vktec: youtube.com/c/vktec/videosMinecraft Protocol Vulnerability: youtube.com/watch?v=i-2UgCDdhpMMinecraft:HACKED Playlist: youtube.com/watch?v=Ekcseve-mOg&list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJGEpisode 11:00:00 - Let's Play: State of Server03:56 - Let's Play: Massive Roller Coaster!06:06 - Brainstorming Force-OP Methods07:39 - Discovering XSS Payload09:50 - Debugging Root Cause in JavaScript11:59 - Scanning for XSS Issues13:39 - Let's Play: Spawn Griefing Mystery14:23 - Another Minecraft Protocol 0day!18:05 - AES/CFB8 Self-Synchronizing20:26 - Security Research Conclusion-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Discover Vulnerabilities in Intel CPUs! LiveOverflow 2022-08-11 | In this video we explore the basic ideas behind CPU vulnerabilities and have a closer look at RIDL.This video is sponsored by Intel and their Project Circuit Breaker: projectcircuitbreaker.comHow to Benchmark Code Execution Times: intel.com/content/dam/www/public/us/en/documents/white-papers/ia-32-ia-64-benchmark-code-execution-paper.pdfAnders Fogh: https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/Speculose: arxiv.org/abs/1801.04084RIDL Paper: mdsattacks.com/files/ridl.pdfForeshadow PoC: github.com/gregvish/l1tf-poc/blob/master/doit.cSebastian Österlund: https://osterlund.xyz/Chapters:00:00 - Intro & Motivation00:57 - Concept #1: CPU Caches01:57 - Measure Cache Access Time with rdtscp05:00 - Concept #2: Out-of-order Execution06:11 - CPU Pipelining07:13 - Out-of-order Execution Example09:19 - CPU Caching + Out-of-order Execution = Attack Idea!!10:33 - Negative Result: Reading Kernel Memory From User Mode13:45 - Pandoras Box14:23 - Interview with Sebastian Österlund17:24 - Accidental RIDL Discovery19:31 - NULL Pointer Bug21:50 - Investigating Root Cause23:28 - Conclusion24:24 - Outro-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Code Review vs. Dynamic Testing explained with Minecraft LiveOverflow 2022-08-07 | Maybe you are wondering how people can figure out crazy stuff in Minecraft. Generally there are two techniques: dynamic testing or reading code. So which method is better?2No2Name (original finder) Zombie AI: youtube.com/watch?v=0HvXMFwaYssdocm77: youtube.com/watch?v=BoVMWNeVLf4&t=2148sEpisode 10:00:00 - Let's Play: Building Timelapse01:16 - Code Review vs. Dynamic Testing02:29 - Example #1: Creeper Farm Code Review 04:10 - Example #2: Fall Damage Dynamic Testing05:45 - docm77 Zombie Prank on Hermitcraft06:55 - How to Find The Zombie AI Bug10:03 - Does it Affect Other Mobs?11:16 - Other Players on the Server12:00 - Let's Play: Bee Farm Timelapse-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Self-Learning Reverse Engineering in 2022 LiveOverflow 2022-07-31 | There exist some awesome tools nowadays to accelerate your self-education for reverse engineering. godbolt and dogbolt are amazing to quickly learn basic assembly and reversing.Compiler Explorer: godbolt.orgDecompiler Explorer: dogbolt.orgC code example: github.com/LiveOverflow/liveoverflow_youtube/blob/master/0x05_simple_crackme_intro_assembler/license_1.cIntroducing Decompiler Explorer - https://binary.ninja/2022/07/13/introducing-decompiler-explorer.html00:00 - Intro00:23 - Motivation01:00 - How to c?02:11 - godbolt Basic Usage03:40 - Function Call on x6404:30 - Intel vs ARM assembly05:22 - godbolt Compiler Options05:50 - Enable gcc O3 Compiler Optimization06:35 - Decompiler Explorer dogbolt07:16 - Comparing Decompiled main()08:25 - Outro-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
The Same Origin Policy - Hacker History LiveOverflow 2022-07-23 | In 1995 Netscape invented JavaScript (LiveScript) and it marked the start of client-side web security issues. In this video we explore this history and learn about the same origin policy (SOP).Cookies Explained: web.archive.org/web/19970605224124/http://help.netscape.com/kb/client/970226-2.htmlNetscape 2.0b1 LiveScript: web.archive.org/web/20021212124306/http://wp.netscape.com:80/eng/mozilla/2.0/relnotes/windows-2.0b1.htmlNetscape 2.0b2 JavaScript: web.archive.org/web/20041211182909/http://wp.netscape.com/eng/mozilla/2.0/relnotes/windows-2.0b2.htmlJavaScript Documentation: web.archive.org/web/19970613234917/http://home.netscape.com/eng/mozilla/2.0/handbook/javascript/index.htmlNetscape 2.02 Security Fixes: web.archive.org/web/20030711134218/http://wp.netscape.com/eng/mozilla/2.02/relnotes/windows-2.02Gold.html#Security2Netscape 3: web.archive.org/web/20020808153106/http://wp.netscape.com:80/eng/mozilla/3.0/handbook/javascript/advtopic.htm#1009533Bugtraq Java Applet RCE: seclists.org/bugtraq/1996/Jun/27Donate to Web Archive: archive.org/donateChapters:00:00 - Intro and Motivation00:43 - How the Internet Works01:43 - Online Services in 1994/9503:08 - JavaScript Released in 199504:40 - HTML frames and framesets05:16 - Cross-Domain Attack Example06:54 - Fixing the Attack08:00 - The First Web Exploit?08:37 - The Same Origin Policy (SOP)09:35 - Historical Context: Crashes, Java Applets, ...11:06 - Outro and Shoutout-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
They Cracked My Server! LiveOverflow 2022-07-13 | Some players found my server and imprisoned me...SeedcrackerX: github.com/19MisterX98/SeedcrackerXTexture Rotation: github.com/19MisterX98/TextureRotationsMathew Bolan Seedcracking: youtube.com/watch?v=8CKh4x4iK38&list=PLke4P_1UHlmB8sB1oGdcea4SeBH0yZy5BEpisode 09:00:00 - Intro00:27 - Reviewing Server Logs 01:53 - Leaking Server IP03:16 - Other Server Scanning Projects03:54 - Getting Imprisoned!05:17 - Escaping the Maze07:40 - PIN Code Door08:29 - Jumping Puzzle09:37 - Failing Final Quiz10:41 - The Well of Death12:07 - Seedcracking with SeedcrackerX13:27 - Attacking Blurry Seed15:56 - Manual Seedcracking with 19MisterX9816:37 - Step 1: Copy an Area From Video18:30 - What is a "Random Seed"16:37 - Step 2: Finding Coordinates Through Texture Rotation24:58 - Step 3: Cracking Seed Through Tree Leaves 26:13 - How a Minecraft Tree Generates26:33 - World Seed, Population Seed, Chunk Seed, ...32:15 - Text Seed vs. Number Seed-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
A Deeper Look at Hacking Laws LiveOverflow 2022-07-03 | A deeper look into the german hacking laws to see what kind of actions are illegal. There are some surprising edge cases and lots of room for debates.Obviously this video is not legal advice.I forgot about StGB 263a "Computer Fraud" in this video. It's also interesting to speculate about interpretations, however it focuses on financial losses and your intention to enrich yourself. So as security researchers it's less applicable, because we don't look for financial gains.Useful links:Translated German Criminal Law: https://www.gesetze-im-internet.de/englisch_stgb/Der Hahn erklärt Cyber-Strafrecht: youtube.com/watch?v=EDqOCxdJSPE00:00 - Intro and Motivation01:15 - German Criminal Law02:57 - StGB 202b - Phishing/MITM03:55 - StGB 202c - Collecting Credentials04:33 - StGB 202a - Hacking04:59 - Example #1: Basic IDOR 06:20 - Example #2: Path Traversal07:01 - OPTAIN ACCESS to Data 08:25 - Example #3: Minecraft log4shell Scanning 09:30 - Example #4: Technical Limitations?10:44 - "Vulnerability" or "Exploit" not part of the Law11:38 - Hacking Attempt is NOT Punishable12:41 - StGB 202c - Hacking Tools13:50 - Interpretation by German Federal Court15:49 - StGB 303a - Data Manipulation16:50 - StGB 303b - Computer Sabotage17:13 - Example #5: Hacking a Bank!18:41 - Hacking with Permissions?19:50 - Conclusion-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Are Resource Packs Safe? LiveOverflow 2022-06-24 | Let's explore how Minecraft can be customized. The knowledge we gain from that is very useful to identify interesting attack surface.Timber Forge: youtube.com/channel/UC606Jh3yjNj40dcVuMwtUCwMcMakistein: youtube.com/user/McMakisteinInformation leak in Minecraft 1.8: blog.punkeel.com/2018/09/12/minecraft-18-info-leakFuzzing Java: youtube.com/watch?v=kvREvOvSWt4Chapters:00:00 - Intro00:44 - Herobrine's Bunker03:06 - Researching Creepers05:16 - SUPER FAST BUILD MODE06:43 - How Custom Models Work11:33 - Attack Surface Overview12:44 - Resource Pack Security Research20:46 - Open Server Experiment-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
The State of log4shell in Minecraft Months Later LiveOverflow 2022-06-12 | Laws are complicated and internet wide scanning is a bit of a grey area. So I wonder, what is ethical? Did I cross a line? What do you think?Log4shell explained: youtube.com/watch?v=w2F67LbEtnkLog4j in Minecraft by John Hammond: youtube.com/watch?v=7qoPDq41xhQlimited ldap server by leonjza: github.com/leonjza/log4jpwn/blob/master/pwn.pyDocker Minecraft Server: github.com/itzg/docker-minecraft-serverEpisode 07:00:00 - Intro01:37 - Let's Play:05:24 - Building Spider XP Farm06:05 - Ethical Internet Scanning?12:20 - Minecraft Hosting Business19:35 - Log4shell Scan Results25:45 - Conclusion-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Could I Hack into Google Cloud? LiveOverflow 2022-06-03 | Google announced the Google Cloud Platform (GCP) Prize 2021 - 133.337$ for the best bug bounty report for the Google Cloud Platform. Reading writeups is important to stay up to date and learn about different attacks. In this video I go over the 6 winners and share my thoughts.This video is sponsored by Google.The announcement: security.googleblog.com/2022/06/announcing-winners-of-2021-gcp-vrp-prize.htmlWinning submissions:#1 https://www.seblu.de/2021/12/iap-bypass.html ($133,337)#2 github.com/irsl/gcp-dhcp-takeover-code-exec ($73,331)#3 mbrancato.github.io/2021/12/28/rce-dataflow.html ($73,331)#4 irsl.medium.com/the-speckle-umbrella-story-part-2-fcc0193614ea ($31,337)#5 https://lf.lc/vrp/203177829 ($1001)#6 docs.google.com/document/d/1-TTCS6fS6kvFUkoJmX4Udr-czQ79lSUVXiWsiAED_bs ($1000)GCP Prize 2020: youtube.com/watch?v=g-JgA1hvJzAGCP Prize 2019: youtube.com/watch?v=J2icGMocQdsGoogle Paid Me to Talk About a Security Issue! youtube.com/watch?v=E-P9USG6kLsFuzzing Java to Find Log4j Vulnerability - CVE-2021-45046 youtube.com/watch?v=kvREvOvSWt4----00:00 - Intro GCP Prize 202101:05 - 6. "Command Injection in Google Cloud Shell" by Ademar Nowasky Junior03:36 - 5. "Remote code execution in Managed Anthos Service Mesh control plane" by Anthony Weems08:31 - 4. "The Speckle Umbrella story — part 2" by Imre Rad11:33 - 3. "Remote Code Execution in Google Cloud Dataflow" by Mike Brancato15:47 - 2. "Google Compute Engine VM takeover via DHCP flood" by Imre Rad20:12 - 1. "Bypassing Identity-Aware Proxy" by Sebastian Lutz22:42 - Summary and Conclusion23:58 - Outro-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Scanning The Internet for Minecraft Servers LiveOverflow 2022-05-19 | I want to show you another Minecraft related project of mine. I tried to scan the whole internet for servers. For what? Well.... you will see.Did 2b2t Griefers Just Do The Impossible? youtube.com/watch?v=fvbVnT-RW-UGriefing Jeb's Private Server w/ Babbaj, orsond, Zetrax, and _Aaron_ youtube.com/watch?v=vrjf33A2VkcMaybe jeb_ server grief was fake? youtube.com/watch?v=lk70_G32jvgHermitcraft 9 Episode 4: The Base Is DONE! youtube.com/watch?v=6coT21RT7HQmasscan: github.com/robertdavidgraham/masscanMongo Express: github.com/mongo-express/mongo-expressdramatiq: dramatiq.io/guide.htmlEpisode 06: 00:00 - Let's Play: Building04:21 - Some Thoughts on Griefing09:42 - Griefing vs. Reporting Vulnerabilities11:05 - Building a Minecraft Server Scanner17:48 - Exploring the Data19:44 - Griefing Random Servers24:36 - Let's Play: Iron and Sugarcane Farm26:18 - OutroCopyright Music:C418 - Minecraft Soundtrack-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Crafting a Minecraft 0day... LiveOverflow 2022-05-08 | In this video I show off my new XRay mod, we go mining, almost die in the Nether and discover a vulnerability in the Minecraft Protocol. Just another normal Minecraft:HACKED episode!Checkout ilmango: youtube.com/c/ilmangoSciCraft: twitter.com/scicraft_XRay Mod Inspriation: github.com/ate47/XrayMinecraft Protocol: https://wiki.vg/Protocol_EncryptionAES CFB: en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_feedback_(CFB)The Bug Report MC-249235: bugs.mojang.com/browse/MC-249235Episode 05:00:00 - Intro: ilmango/SciCraft shoutout01:16 - XRay Mod02:12 - Let's Play: Mining & Enchantments05:16 - Mojang to Microsoft Account Migration11:15 - Let's Play: The Nether13:42 - Auditing Minecraft Encryption Protocol16:14 - Attacker Observes Traffic16:51 - Attacker Controls Malicious Server21:07 - Auditing AES/CFB8 Encryption24:00 - Proof of Concept Attack26:00 - Reporting to Mojang27:19 - Let's Play: HerobrineCopyright Music:C418 - Minecraft Soundtrack-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Flying Without Elytra LiveOverflow 2022-05-01 | In this episode we start by exploring the basic AFK fishing farm. While building a potato farm we learn about the scientific method and how we can apply it to Minecraft to find a new fishing farm design for 1.19. Unfortunately we are still on 1.18.2, so we have to develop our own autofish mod. From the newly found programming experience we then are able to develop our own fly hack and bypass the server flying detection!Simple AFK Treasure Fish Farm Concept for 1.19 Sculk Sensor:youtube.com/watch?v=L-g9ml6wzgMEasy Carrot & Potato Crop Farm Tutorial | Simply Minecraft (Java Edition 1.17/1.18)youtube.com/watch?v=A8DQYpk5944MrTroot/autofish github.com/MrTroot/autofishTrolling 2b2t Players with a "Magic Carpet" youtube.com/watch?v=Ze9a-I-kFt4Episode 04:00:00 - Intro01:23 - AFK Fishing Farm Explained05:30 - Let's Play: Villager Breeder & Potato Farm07:00 - The Scientific Method10:27 - Inventing a 1.19 AFK Fish Farm12:25 - Developing AutoFish Mod18:14 - Bypassing Server Flying Detection23:32 - Flying without Elytra!24:52 - OutroMusic:C418 - Minecraft Soundtrack-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Modding is Hacking... LiveOverflow 2022-04-20 | In this episode of Minecraft Hacked we are going to look into client mods and talk about cheating in general.Fabric Example Mod: github.com/FabricMC/fabric-example-modMixin Examples: fabricmc.net/wiki/tutorial:mixin_examplesMixin Wiki: github.com/SpongePowered/Mixin/wikiShulker Dupe mod by 0x3C50: github.com/Coderx-Gamer/shulker-dupeFredOverflow: youtube.com/watch?v=WPDV3LgUL2EEpisode 03:00:00 - Let's Play: Enderpearl Glitch02:10 - Let's Play: Caving04:07 - What is Cheating?14:00 - How to Code Client Mods15:30 - Hacks: Java Bytecode Modification21:15 - Let's Play: Return to SurfaceMusic:C418 - Sweden-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Awkward VLOG at Nullcon Berlin 2022 LiveOverflow 2022-04-16 | I attended Nullcon berlin 2022 in Berlin. Finally met a lot of people I haven't seen in a long time, and also met lots of new people.Nullcon: nullcon.net/berlin-2022Card game: thecodeck.comMagic Word Writeup: ctftime.org/writeup/33233advertisement: This video is labeled as an ad, but this video was not sponsored by nullcon. I just do it to make sure German regulators cannot complain.-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Minecraft, But Its Reverse Engineered... LiveOverflow 2022-04-10 | In this episode we learn how Minecraft servers are implemented by looking at PaperMC and tracing the dependencies. Turns out the custom Minecraft servers rely on decompiling the server source code! It's insane what this Minecraft community has created.Paper Server: github.com/PaperMC/PaperMinecraft EULA: minecraft.net/en-us/eulaFabric Intermediary Mappings: github.com/FabricMC/intermediaryFabric Yarn Mappings: github.com/FabricMC/yarn/tree/1.18.2-pre3/mappings/net/minecraftGrab the files: github.com/LiveOverflow/minecraft-hackedMinecraft:HACKED Playlist: youtube.com/playlist?list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJGEpisode 02:00:00 - Let's Play: Map Exploration02:47 - How Does Minecraft Help With Hacking?06:06 - Introduction to Minecraft Servers09:13 - Minecraft Reverse Engineering17:03 - Let's Play: The Return to BaseMusic:C418 - Minecraft Soundtrack-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Breaching Security of Palais des Congrès (in Minecraft) #shorts LiveOverflow 2022-04-03 | Having a bit of fun on the official Minecraft server from Emmanuel Macron (French President). Disclaimer: This is not an ad, I'm not French, I have no stake in this election, I just love Minecraft.The Minecraft:HACKED Playlist: youtube.com/playlist?list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJGGrab the files: github.com/LiveOverflow/minecraft-hacked-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
I Spent 100 Days Hacking Minecraft LiveOverflow 2022-04-01 | I got addicted to Minecraft, so I decided to hack it.I know this is a weird video for this channel, but it was really fun to combine Minecraft storytelling with technical tutorials. The result is a very unique hacking tutorial that hopefully can reach lots of new people. I hope you enjoy it!Game Hacking Pwn Adventure Series: youtube.com/playlist?list=PLhixgUqwRTjzzBeFSHXrw9DnQtssdAwgGDevlog Hacking Game: youtube.com/playlist?list=PLhixgUqwRTjwrqAY_YDWllMw4e5E89E3xQuarry: github.com/barneygale/quarryThe Minecraft:HACKED Playlist: youtube.com/playlist?list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJGGrab the files: github.com/LiveOverflow/minecraft-hackedEpisode 01:00:00 - Let's Play: The Spawn02:24 - About This Project06:33 - Let's Play: First Adventure08:20 - Motivation to Research the Protocol10:21 - Setup Local Server13:17 - Network Protocol AnalysisCopyright Music:C418 - Sweden-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Ive been Hacking for 10 Years! (Stripe CTF Speedrun) LiveOverflow 2022-03-24 | Celebrating my 10 years of hacking and my 7 years on YouTube!In 2012 I came across my first hacking CTF. Stripe organized a Capture the Flag competition with 6 levels to learn about different vulnerabilities. This is what it all started for me.Cyber Security Challenge Germany: https://cscg.liveNFITS donations: https://nfits.de/spenden/Stripe CTF Announcement stripe.com/blog/capture-the-flag CTF Wrap Up web.archive.org/web/20120531152105/stripe.com/blog/capture-the-flag-wrap-up Files/Sources: github.com/stripe-ctf/stripe-ctf io.smashthestack: io.netgarage.orgey! Look for patterns youtube.com/watch?v=Jpaq0QkepgASudo Exploit Walkthrough youtube.com/watch?v=TLa2VqcGGEQ&list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdxGitLab 11.4.7 Remote Code Execution - Real World CTF 2018 youtube.com/watch?v=LrLJuyAdoAgChapters:00:00 - Background Story01:27 - The StripeCTF Blogpost03:11 - Setting up StripeCTF VM04:01 - level01: system()05:50 - level02: PHP Path Traversal07:10 - level03: Array OOB10:57 - level04: Buffer Overflow14:13 - level05: Python Pickle17:04 - level06: Timing Attack19:28 - CTF Playing vs. Reading Writeups20:57 - level06: Blocked I/O24:21 - Reflecting on the CTF26:02 - Cyber Security Challenge Germany28:03 - To Be Continued...-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Missing HTTP Security Headers - Bug Bounty Tips LiveOverflow 2022-03-16 | In this video we talk about various HTTP headers that can improve or weaken the security of a site. And we discuss how serious they are in the context of Google's bug bounty program.Find the full playlist with videos for Google here: youtube.com/playlist?list=PLY-vqlMAnJ9bGoI82H1BB8BE4A8H2OCA-Chapters:00:00 - Background Info03:11 - Intro03:53 - HTTP Security Header Overview04:38 - Example #1: X-Frame-Options06:43 - Example #2: Content-Security-Policy (CSP)08:16 - Example #3: Strict-Transport-Security (HSTS)10:44 - Example #4: Cross-Origin Resource Sharing (CORS)13:12 - Example #5: Cookie Security Flags (HttpOnly)14:25 - Summary15:23 - Outro*advertisement because the video was originally produced for Google: bughunters.google.com/learn/videos/5956774821363712/bug-hunter-university-videos-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Finding 0day in Apache APISIX During CTF (CVE-2022-24112) LiveOverflow 2022-03-07 | In this video we perform a code audit of Api6 and discover a default configuration that can be escalated to remote code execution. CVE-2022-24112: seclists.org/oss-sec/2022/q1/133GitLab: liveoverflow.com/gitlab-11-4-7-remote-code-execution-real-world-ctf-2018Challenge files: github.com/chaitin/Real-World-CTF-4th-Challenge-Attachments/tree/master/API6Chapters:00:00 - Intro01:09 - Initial Application Overview02:15 - Discussing Approaches03:56 - Reading Documentation04:57 - Initial Attack Idea06:15 - Identifying Attack Surface08:46 - Discovering Batch Requests09:18 - Bypassing X-Real-IP Header 10:15 - Testing the Exploit11:11 - Reporting the Issue12:16 - Outro-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Exploiting Java Tomcat With a Crazy JSP Web Shell - Real World CTF 2022 LiveOverflow 2022-02-24 | This was a hard web CTF challenge involving a JSP file upload with very restricted character sets. We had to use the Expression Language (EL) to construct useful primitives and upload an ascii-only .jar file.Alternative writeups: github.com/voidfyoo/rwctf-4th-desperate-cat/tree/main/writeupFuzzing log4j with Jazzer: youtube.com/watch?v=kvREvOvSWt4-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Sudo Exploit for (old) Ubuntu 20.04 LTS LiveOverflow 2022-02-12 | This is the end. We finally develop a working sudoedit exploit for Ubuntu 20.04.Grab the files: github.com/LiveOverflow/pwneditGrab the iso: old-releases.ubuntu.com/releases/20.04Full Playlist: youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdxSecond Channel: youtube.com/c/LiveUnderflowTwitch: twitch.tv/liveoverflowEpisode 17:00:00 - Intro00:42 - Ubuntu VM Setup02:09 - Fuzzing sudoedit02:51 - Revisiting an Old Issue04:11 - Exploring _tsearch Crashes06:49 - Creating PoC Exploit08:22 - Minimize and Testing Exploit09:06 - Fuzzing Statistics10:48 - Conclusion11:52 - Outro-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Fuzzing Java to Find Log4j Vulnerability - CVE-2021-45046 LiveOverflow 2022-02-01 | After the log4shell (CVE-2021-44228) vulnerability was patched with version 2.15, another CVE was filed. Apparently log4j was still vulnerable in some cases to a denial of service. However it turned out that on some systems, the issue can still lead to a remote code execution. In this video we use the Java fuzzer Jazzer to find a bypass.Jazzer Java Fuzzer: github.com/CodeIntelligenceTesting/jazzerAnthony Weems: twitter.com/amlweems00:00 - Intro00:54 - Chapter #1: The New CVE03:38 - Chapter #2: Disable Lookups05:43 - Chapter #3: Vulnerable log4j Configs07:52 - Chapter #4: The Remote Code Execution10:53 - Chapter #5: Parser Differential12:57 - Chapter #6: Differential Fuzzing16:07 - Chapter #7: macOS Only18:15 - Chapter #8: Increase Impact19:03 - Summary19:58 - Outro-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Debugging The Failing sudoedit Exploit | Ep.16 LiveOverflow 2022-01-18 | Our exploit doesn't work as the user. So now we need to investigate and figure out how we can make it work. We explore three options and implement additional code, but nothing seems to work.Grab the files: github.com/LiveOverflow/pwneditEpisode 16:00:00 - Intro00:23 - How To Debug The Failing Exploit?00:49 - Core Dumps01:49 - Wait in Execution Wrapper to Attach gdb02:28 - Difference Running sudoedit as root vs. user?03:00 - Option 1: Bruteforce Offsets Perfectly03:38 - Option 2: Fengshui as user04:18 - Option 3: Analyze Our Failing Crash04:48 - Comparing Option 1 vs. 205:45 - Implementing Option 107:56 - Implementing Option 209:16 - Running Option 210:03 - It Doesn't Work in Docker11:11 - Outro-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Creating The First (Failed) Sudoedit Exploit | Ep. 15 LiveOverflow 2022-01-11 | WE CREATED OUR FIRST EXPLOIT! In this video we were able to control the loading of a malicious library. This can be used to execute our own code as root! But it only works when executing it as root; Executing it as a regular user doesn't work...Grab the files: github.com/LiveOverflow/pwneditdlopen man page: man7.org/linux/man-pages/man3/dlopen.3.htmlComplete playlist: studio.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/playlistsEpisode 15:00:00 - Intro00:27 - Recap of Library Loading Exploit Idea01:45 - Debug a Different Crash02:28 - Can We Reach dlopen?03:37 - Using Patterns to find Offsets05:05 - Writing NULL bytes05:54 - Create Execution Wrapper sudoenv07:52 - Debugging the Debug Script09:00 - Controlling The ni Struct10:18 - Single Step Exploit Code11:33 - Create Attack Shared Library12:17 - First Successful Exploit?12:58 - Doesn't Work for User13:16 - Outro-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Learning about nss (Linux Name Service Switch) During Sudo Exploitation | Ep. 14 LiveOverflow 2022-01-03 | To understand a crash in nss_load_function() better, we have to look at the libc source code. While doing this we find a very interesting exploit strategy using dlopen.Grab the files: github.com/LiveOverflow/pwneditRead libc Code: elixir.bootlin.com/glibc/glibc-2.31/sourceEpisode 14:00:00 - Intro00:22 - Select Testcases For Crash Analysis01:19 - Debug Crash in gdb02:02 - Code Examples from grep.app02:53 - Reading libc Source Code04:43 - Learning about nss05:29 - Reaching nss_lookup06:00 - The service_user Struct ni07:55 - nss_lookup_function08:57 - The Crash Reason09:58 - Exploit Brainstorming10:57 - Outro-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Log4j Lookups in Depth // Log4Shell CVE-2021-44228 - Part 2 LiveOverflow 2021-12-24 | In this video we dig a layer deeper into Log4j. We get a quick overview how Log4j is parsing lookup strings and find the functions used in WAF bypasses. Then we bridge the gap to format string vulnerabilities and figure out why the noLookups mitigation has flaws.Part 1 - Hackers vs. Developers // CVE-2021-44228 Log4Shell: youtube.com/watch?v=w2F67LbEtnkMy lamest GitHub repo ever: github.com/LiveOverflow/log4shell--00:00 - Intro00:38 - Chapter #1: Log4j Lookups in Depth Debugging03:50 - Log Layout Formatters06:56 - Chapter #2: Secure Software Design09:21 - Chapter #3: Format String Vulnerabilities13:58 - Chapter #4: noLookups Mitigation15:15 - Final Worlds15:42 - Outro-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Can We Find a New Exploit Strategy? | Ep. 13 LiveOverflow 2021-12-14 | We are still looking for an exploit strategy for the sudo heap overflow. In this episode we look at a few crashes and decide to look into one particular case more deeply.Complete Playlist: youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdxGrab the files: github.com/LiveOverflow/pwnedit (sorry, repo is a bit behind the videos)Homework libc source code: elixir.bootlin.com/glibc/glibc-2.31/sourceEpisode 13:00:00 - Intro00:36 - Recap of Episode 1201:16 - Interpret Fuzzing Results | fengshui303:05 - Reproduction Script poc.py04:16 - Heap Object Information not Useful05:10 - Collect More Data on Crashes | fengshui405:32 - Looking at Crashes06:35 - Intersting Crash in nss_lookup_function07:00 - Homework-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Authorization vs. Authentication (Google Bug Bounty) LiveOverflow 2021-12-02 | Authorization and Authentication can be confusing. In this video we look at their differences, and then focus on valid and invalid authorization bugs.advertisement: this video was commissioned by the Google Vulnerablity Rewards Program for their site bughunters.google.com watch all BHU videos here: youtube.com/playlist?list=PLY-vqlMAnJ9bGoI82H1BB8BE4A8H2OCA-00:00 - Intro00:33 - Authentication vs. Authentication02:04 - Complex Systems with Permissions and Roles02:42 - Example #1: Permission Complexity04:16 - "Fixes" for Authorization Bugs04:48 - Roles vs. Permissions05:53 - What are Authorization Bugs?06:52 - Example #2: Confusing Invalid Auth "Bugs"08:22 - Summary-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Developing GDB Extension for Heap Exploitation | Ep. 12 LiveOverflow 2021-11-18 | We aren't getting anywhere... So we write a new tool to analyse the heap objects located after our overflowing buffer.Complete Playlist: youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdxGrab the files: github.com/LiveOverflow/pwnedit (sorry, repo is a bit behind the videos)gef for gdb: github.com/hugsy/gefEpisode 12:00:00 - Intro00:12 - How to Find Controllable Heap Allocations?00:50 - Tracing free()!01:21 - Finding Recognizable Strings on the Heap01:58 - More Environment Variables03:26 - fengshui2.py Script Changes04:19 - Wrong Rabbit Hole...05:20 - Some Other Research Attempts06:47 - (gdb) gef Extension - Analyse the Heap Objects09:03 - Heap Tracing Results09:51 - Developing fengshui3.py10:52 - First Peak at Script Results-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Can Hackers Get Into Every Device? LiveOverflow 2021-11-04 | Have you ever heard the sentence that every device can be hacked? I have talked to several security researchers who have experience in hacking Browsers, iPhones and more, to figure out if this is true. And if it's true, should you be worried?You should worry more about Phishing: youtube.com/watch?v=NWtm4X6L_Cs@steventseeley: twitter.com/steventseeley@s1guza: twitter.com/s1guza@itszn13: twitter.com/itszn13@xerub: twitter.com/xerub@gf_256: twitter.com/gf_256 / youtube.com/channel/UCmYAXMxue6UdEPfAPxA0E8w---00:00 - Can Every Device Get Hacked?00:53 - Collaboration02:24 - Law of Security: The More Complexity, The More Insecure03:20 - Proof #1: Zerodium04:55 - Proof #2: Phone Vendor Security Updates05:33 - Proof #3: Hacking Competitions06:28 - "Can You Find The Vulnerabilities Alone?"09:27 - "Weaponized" (or Operationalized) Exploits10:35 - The Original Question Is Useless11:18 - Risk Of Your Device Getting Hacked?12:32 - The Economics Of The Attacker14:30 - Who Should Be Worried About 0days?15:11 - Attack On Security Researchers16:06 - What Can You Do Against Hackers?18:15 - Trick Against Smartphone Hacking19:22 - Summary and Conclusion21:21 - Outro-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Design Flaw in Security Product - ALLES! CTF 2021 LiveOverflow 2021-10-26 | In this video we are exploring a theoretical security product that automagically encrypts user data securely. But it has a fundamental design flaw which can be exploited.Challenge Files: github.com/LiveOverflow/ctf-cryptowafWalkthrough: youtube.com/watch?v=ZKrABs-N9wABugBountyReportsExplained: youtube.com/c/BugBountyReportsExplained00:00 - Intro01:33 - Background Story02:55 - What is CryptoWAF?04:16 - Implementing Encryption05:06 - Encryption Challenges06:59 - Implementing Decryption07:02 - Design Flaw08:26 - Exploiting the Design Flaw09:06 - Leaking Database10:04 - WAF Bypass11:04 - Conclusion12:07 - Outro-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Fuzzing Heap Layout to Overflow Function Pointers | Ep. 11 LiveOverflow 2021-10-17 | After we found some function pointers we could use for exploitation, we instructed sudo to find their heap locations. And then we are developing a script to find a heap layout usable for exploitation. Complete Playlist: youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdxGrab the files: github.com/LiveOverflow/pwneditEpisode 11:00:00 - Intro00:40 - The Research Plan02:09 - Collecting Heap Information02:40 - Testing the "Instrumentation" - First Problem04:00 - Understanding Heap Information Output04:34 - Heap Fragemntation Explained05:10 - Which Inputs to Control?05:35 - Writing the Fuzzing Heap Layouts Sripts07:37 - Development Challenges08:28 - The Script Results!09:30 - Outro-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Video Essay about the Security Creator Scene LiveOverflow 2021-10-06 | I wrote an article about the state of the YouTube Hacker Scene for Phrack. I hope you enjoy this reading.The article can be read here: http://phrack.org/issues/70/15.html#article--=[ Missing parts:1. Remember the hacking videos without audio using notepad to communicate? That's definitely a part of the history that should have been included in this article.--=[ References:How SUDO on Linux was HACKED! // CVE-2021-3156 youtu.be/TLa2VqcGGEQ?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdxXSS on Google Search - Sanitizing HTML in The Client? youtube.com/watch?v=lG7U3fuNw3AIdentify Bootloader main() and find Button Press Handler youtu.be/yJbnsMKkRUs?list=PLhixgUqwRTjyLgF4x-ZLVFL-CRTCrUo03 [0] Lenas Reversing for Newbies (2006) web.archive.org/web/20070524043123/http://www.tuts4you.com/download.php?list.17 [1] thebroken by Kevin Rose archive.org/details/thebroken_xvid [2] Hak5 - Episode #1 youtube.com/watch?v=SUEXCCWMfXg [3] Notacon 2007 Part 1 youtube.com/watch?v=HXSZ4PRLUDU [4] CSAW CTF challenge 2.exe, 3.exe and 4.exe flag retrieval youtube.com/watch?v=_Ld1cD9d7tI [5] Beginner Challenge #1... youtube.com/watch?v=tdqJ8NEcJUM [6] Phrack issue #69 - International scenes [7] reddit.com/r/WatchPeopleCode [8] livectf REDEMPTION by geohot 7/27/2014 youtube.com/watch?v=td1KEUhlSuk [9] Let's Hack Livestream - exploit-exercises.com (2015) youtube.com/watch?v=HBnPY77JtqY [10] The Heap: dlmalloc unlink() exploit - bin 0x18 youtube.com/watch?v=HWhzH--89UQ [11] Hacking Livestream #1: ReRe and EZPZP youtube.com/watch?v=XWozhb1ZOyM [12] Life of an Exploit: Fuzzing PDFCrack with AFL for 0days youtube.com/watch?v=8VLNPIIgKbQ [13] HackTheBox - Popcorn youtube.com/watch?v=NMGsnPSm8iw[14] Live CTF v2: ... youtube.com/watch?v=D7uXE_lEzxI [15] SMT in reverse engineering, for dummies youtu.be/b92CW-NZ3l0 [16] GoogleCTF - XSS "Pasteurize" youtu.be/voO6wu_58Ew[17] Hacking into Google's Network for $133337 youtu.be/g-JgA1hvJzA[18] support.google.com/youtube/answer/2801964?hl=en [19] Data breaches, phishing, or malware? Understanding the risks of stolen credentials dl.acm.org/doi/abs/10.1145/3133956.3134067 [20] Zero to Hero Pentesting youtu.be/qlK174d_uu8?list=PLLKT__MCUeiwBa7d7F_vN1GUwz_2TmVQj[21] How the Apple AirTags were hacked youtu.be/_E0PWQvW-14 [22] FuzzOS: Day 1, starting the OS youtu.be/2YAgDJTs9So [23] How We Hacked a TP-Link Router and Took Home $55,000 in Pwn2Own youtube.com/watch?v=zjafMP7EgEA [24] tiktok.com/@malwaretech --=[ Chapters:00:00 - Intro00:21 - 0. About the Author00:50 - 1. Preamble02:00 - 2. Before 201404:40 - 3. My Start in 201508:50 - 4. Today's Scene15:50 - 5. Final Words16:39 - Some Thoughts20:06 - Outro-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Instagram: instagram.com/LiveOverflow→ Blog: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Did you really find a vulnerability in Google? - ft. @PwnFunction LiveOverflow 2021-09-26 | This video was created in collaboration with @PwnFunction and was comissioned by Google VRP.Checkout @PwnFunction excellent YouTube channel!Read the article here: bughunters.google.com/learn/improving-your-reports/avoiding-mistakes/6082745027264512-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Website: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Developing a Tool to Find Function Pointers on The Heap | Ep. 10 LiveOverflow 2021-09-19 | We develop a helper script to find function pointers we could maybe overwrite with our heap overflow. This is another episode in the sudo series.Complete playlist:youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdxGrab the files: github.com/LiveOverflow/pwneditEpisode 10:00:00 - Intro00:46 - Research Idea01:29 - Collecting Data02:20 - Developing Python Script03:34 - Finding Potential Function Pointers04:01 - Verify if pointers are usable05:07 - Function Pointer Candidate #105:58 - Function Pointer Candidate #206:47 - Evaluate the Research Methodology08:00 - What's Next?-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Website: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
What Ethereum Smart Contract Hacking Looks Like LiveOverflow 2021-09-12 | In this video you can see me working over 10h on hacking an Ethereum smart contract. The attack was done on a private chain, so no actual Ethereum users have been affected.This was a challenge called `Montagy` from the Real World CTF 2019 competition.Even though this was part of a competition, the methodology and technologies used are the tools used in real-life Ethereum hacking as well.More Ethereum hacking:- Ethereum Smart Contract Hacking #1 - Real World CTF 2018: youtube.com/watch?v=ozqOlUVKL1s- Jump Oriented Programming: Ethereum Smart Contract #2 - Real World CTF 2018: youtube.com/watch?v=RfL3FcnVbJg- Ethereum Smart Contract Backdoored Using Malicious Constructor:youtube.com/watch?v=WP-EnGhIYEc00:00:00 - Backstory00:03:58 - Smart Contract Challenge Overview00:20:17 - Blockchain Transaction Investigation00:22:13 - Rough Plan & Research Setup00:34:27 - Looking more into the Contracts00:41:18 - Debugging with remix01:08:43 - What we learned so far 01:09:31 - Researching custom hash01:34:26 - Breaking hash algorithm with z302:02:37 - Realizing winning condition is different... 02:03:20 - Developing exploit pwn.js02:15:10 - Exploit doesn't work... debugging.02:31:30 - Exploit finally works02:33:55 - Sending Exploit to the Team in China02:35:05 - The Flag02:36:10 - Opinion and Conclusion-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Website: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
Discussing Heap Exploit Strategies for sudo - Ep. 09 LiveOverflow 2021-09-04 | We have a heap buffer overflow, but how can we exploit this now? Let's discuss some of the possible strategies.Grab the files: github.com/LiveOverflow/pwneditWe made the thumbnail together on stream: youtube.com/watch?v=71h-AqXut7AEpisode 09:00:00 - Intro00:35 - Option 1: Exploit Heap Metadata02:42 - Option 2: Exploit Data on Heap04:18 - Heap Feng Shui06:04 - Failure...?07:04 - We Could Fuzz the Heap08:08 - To Be Continued...-=[ ❤️ Support ]=-→ per Video: patreon.com/join/liveoverflow→ per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join-=[ 🐕 Social ]=-→ Twitter: twitter.com/LiveOverflow→ Website: liveoverflow.com→ Subreddit: reddit.com/r/LiveOverflow→ Facebook: facebook.com/LiveOverflow
