What is a Server?
With this video I explain to my ~17y/o self what a "Server" is. We look at server software and servers in datacenters to understand how the word is used.
2022-11-10 17:33:32 +0000 UTC
I was bullied and kicked out. So I traveled very very far away to establish a new base. In the process I moved the world from 1.18.2 to 1.19.2, forcing everybody to upgrade their hacks and find the new IP. But can you also find my new base?
2022-10-31 16:21:26 +0000 UTC
How bad is it to leak your IP address? VPN providers want us to believe it is dangerous, but I wanted to share my thoughts on the matter.
Minecraft:HACKED https://www.youtube.com/playlist?list=PLhixgUqwRTj...
2022-10-21 15:56:34 +0000 UTC
Telling the story of how code review led to the discovery of a common mistake plugin developers make. It also affects WorldGuard. However, is it really worth fixing?
2022-10-12 16:41:31 +0000 UTC
Why is it called "XSS"? Where does it come from and who influenced this type of website vulnerability?
Full Playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjyakFK7puB3fHVfXMinqMSi
2022-10-03 15:41:52 +0000 UTC
In August 1996, Internet Explorer joined the JavaScript security scene after they added JScript. During this era from around 1996-2000, tons of bugs were found that we would today call "Universal Cross-site Scripting". I find this word confusing, but looking back at the history, we can try to make sense of it.
2022-09-25 13:07:55 +0000 UTC
Hackers keep finding my server and ruin everything. Maybe it's time to end it.
Watch full series: https://www.youtube.com/playlist?list=PLhixgUqwRTjwvBI-hmbZ2rpkAl4lutnJG
2022-09-13 15:46:09 +0000 UTC
In this video we talk about the first JavaScript vulnerabilities in 1997, and how the field was dominated by three "XSS" legends.
2022-09-04 14:33:05 +0000 UTC
We investigate how Herobrine got OP on my server and we look back at the network protocol vulnerability I reported in March.
2022-08-25 18:11:18 +0000 UTC
In this video we explore the basic ideas behind CPU vulnerabilities and have a closer look at RIDL.
2022-08-11 16:16:51 +0000 UTC
Maybe you are wondering how people can figure out crazy stuff in Minecraft. Generally there are two techniques: dynamic testing or reading code. So which method is better?
2022-08-07 17:54:44 +0000 UTC
There exist some awesome tools nowadays to accelerate your self-education for reverse engineering. godbolt and dogbolt are amazing to quickly learn basic assembly and reversing.
In 1995 Netscape invented JavaScript (LiveScript) and it marked the start of client-side web security issues. In this video we explore this history and learn about the same origin policy (SOP).
2022-07-23 14:45:03 +0000 UTC
Some players found my server and imprisoned me...
We also talk about various techniques of cracking the seed of my server.
2022-07-13 16:56:58 +0000 UTC
A deeper look into the German hacking laws to see what kind of actions are illegal. There are some surprising edge cases and lots of room for debate.
2022-07-03 16:22:48 +0000 UTC
Let's explore how Minecraft can be customized. The knowledge we gain from that is very useful to identify interesting attack surface.
2022-06-24 16:56:35 +0000 UTC
Laws are complicated and internet-wide scanning is a bit of a grey area. So I wonder, what is ethical? Did I cross a line? What do you think?
2022-06-12 16:39:48 +0000 UTC
Google announced the Google Cloud Platform (GCP) Prize 2021 - 133.337$ for the best bug bounty report for the Google Cloud Platform. Reading writeups is important to stay up to date and learn about different attacks. In this video I go over the 6 winners and share my thoughts.
2022-06-03 19:52:14 +0000 UTC
I want to show you another Minecraft related project of mine. I tried to scan the whole internet for servers. A project like this is really good practice to gain more coding experience. And the knowledge gained is applicable to other areas, for example if I would ever want to build large scale scanning for bug bounties or sim...
2022-05-19 16:13:21 +0000 UTC
In this video I show off my new XRay mod, we go mining, almost die in the Nether and discover a vulnerability in the Minecraft Protocol. Just another normal Minecraft:HACKED episode!
(sorry I forgot to post this yesterday)
2022-05-09 09:40:28 +0000 UTC
In this episode we start by exploring the basic AFK fishing farm. While building a potato farm we learn about the scientific method and how we can apply it to Minecraft to find a new fishing farm design for 1.19. Unfortunately we are still on 1.18.2, so we have to develop our own autofish mod. From the newly found programming...
2022-05-01 14:29:50 +0000 UTC
In this episode of Minecraft Hacked we are going to look into client mods and talk about cheating in general.
In this episode we learn how Minecraft servers are implemented by looking at PaperMC and tracing the dependencies. Turns out the custom Minecraft servers rely on decompiling the server source code! It's insane what this Minecraft community has created.
Grab the files:
2022-04-10 14:55:29 +0000 UTC
I got addicted to Minecraft, so I decided to hack it. I know this is a weird video for this channel, but it was really fun to combine Minecraft storytelling with technical tutorials. The result is a very unique hacking tutorial that hopefully can reach lots of new people. I hope you enjoy it!
Celebrating my 10 years of hacking and my 7 years on YouTube! In 2012 I came across my first hacking CTF. Stripe organized a Capture the Flag competition with 6 levels to learn about different vulnerabilities. This is where it all started for me. In this video I reflect on the challenges from back then.
2022-03-24 15:34:10 +0000 UTC
In this video we talk about various HTTP headers that can improve or weaken the security of a site. And we discuss how serious they really are.
2022-03-16 19:21:55 +0000 UTC
In this video we perform a code audit of APISIX and discover a default configuration that can be escalated to remote code execution.
CVE-2022-24112: https://seclists.org/oss-sec/2022/q1/133
This was a hard web CTF challenge involving a JSP file upload with very restricted character sets. We had to use the Expression Language (EL) to construct useful primitives and upload an ASCII-only .jar file.
2022-02-24 16:47:23 +0000 UTC
This is the end. We finally develop a working sudoedit exploit for Ubuntu 20.04.
2022-02-12 18:55:25 +0000 UTC
After the Log4Shell (CVE-2021-44228) vulnerability was patched with version 2.15, another CVE was filed. Apparently log4j was still vulnerable in some cases to a denial of service. However, it turned out that on some systems, the issue can still lead to a remote code execution. In this video we use the Java fuzzer Jazzer to fi...
2022-02-01 16:37:40 +0000 UTC