The most comprehensive video covering the sudo vulnerability CVE-2021-3156 Baron Samedit. I spent two weeks rediscovering, analysing and exploiting the sudoedit heap overflow. We will talk about fuzzing, code review, exploit strategies, heap feng shui and developing the exploit.
Article: 2021-04-22 15:40:26 +0000 UTC
Do you have a Linux server and do you know how to prevent getting hacked? In this video we will critically discuss a few best practices. The video can be summarized as: "a lot of fluff, not much use".
Prefer to read? Blog article version: 2021-04-15 15:40:23 +0000 UTC
I made every video I ever wanted to make... At least that's how I feel. I feel like "Everything I know I have shared in my over 300 videos". I recently celebrated 6 years on YouTube, and it made me think about the state of the channel and the struggle of finding new video ideas.
Website: 2021-04-07 17:06:25 +0000 UTC
In this video we hear the story of how Ezequiel Pereira found a critical vulnerability in Google Cloud and was awarded $164,674 in total. This is a crazy bug, because it requires so much knowledge about Google internals. We will learn about Google's Global Software Load Balancer, BNS addresses and other Google secret tricks!
...
2021-03-17 18:22:51 +0000 UTC
A troubleshooting video about a binary exploitation challenge. Should fit well into the binary exploitation playlist:
https://www.youtube.com/playlist?list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN
2021-02-25 18:29:25 +0000 UTC
When I looked at another SerenityOS exploit, I learned something new! The hack is very creative and directly interacts with hardware. I never really understood how modern CPUs interact with peripherals, so this was very interesting to me.
2021-02-14 17:59:25 +0000 UTC
When I saw how easy it is for Andreas to find bugs in his own code, and even write exploits for it, I thought about the relationship between hacking and coding skills. And it's not surprising that decades of programming experience can easily be transferred to hacking skills!
LiveOverflow Playlists: 2021-02-05 21:18:22 +0000 UTC
Part two of analysing the Serenity wisdom2 exploit.
2021-01-23 01:40:11 +0000 UTC
Let's have a look at a kernel local privilege escalation exploit in SerenityOS! And why it is beneficial to learn about it, even though it's not a widely used OS.
2021-01-10 20:49:39 +0000 UTC
This is the last set of videos for my Advent calendar. The last video is a more regular video that I scripted and edited.
The third set of videos for the December t-shirt project, only one more set to go.
This is the second set of December videos!
Hellooo o/
This is the first Patreon bundle for the December project.
We are going to solve the Nintendo HireMe.cpp challenge with some "basic" math. I call it basic, because linear algebra is taught pretty early in school. But I know it is not so easy to figure out that it can be used here. Also the trick with GF2 is math that you would only learn at university. But if you would watch my video...
2020-11-26 18:05:54 +0000 UTC
Hey everyone, last year I made 24 daily videos as an "Advent calendar" (https://www.youtube.com/playlist?list=PLhixgUqwRTjzTvVyL_8H-DJBf8VT3uiu2 ). This year I will do something similar! I had the idea of telling ...
2020-11-20 10:24:09 +0000 UTC
Difficult programming and reverse-engineering challenge by Nintendo European Research & Development (NERD). In this first part I have a first look at the challenge and try different stuff. In the next video we talk about the solution.
HireMe.cpp: 2020-11-19 18:14:05 +0000 UTC
Get a unique insight into what hacking really looks like. This is a live recording and commentary of the ALLES! CTF Team playing the Google CTF finals hackceler8. After we placed 8th in the Google CTF 2020, we were invited to a special finals event, which was speed hacking against 3 other teams. Unfortunately we only got ...
2020-11-07 23:50:38 +0000 UTC
Let's explore what a file format is, and provide a different view on it. We dive into polyglots, file format research and the impact on security.
Funky File Formats Talk: https://www.youtube.com/watch?v=hdCs6bPM4is
cork...
2020-10-26 17:56:23 +0000 UTC
I really hate it when I have to guess stuff. This applies to CTFs, but also to my real-world work in penetration testing. It is incredibly frustrating to bruteforce or guess something that could just be read in the source code. I would much rather focus on technical details, tricks and techniques.
Try the XSS challenge...
2020-10-18 19:17:39 +0000 UTC
In the second part we are building on top of what we have learned. We figure out how to craft something special out of a very limited script gadget. Eventually we can use it to leak the secret notes ID and notes content.
Part 1: https...
2020-10-08 17:23:10 +0000 UTC
All The Little Things was a pretty hard web challenge from the Google CTF 2020. In this video we do some initial recon and research and try to find an angle to attack. Part 1/2.
Challenge: https://capturetheflag...
2020-09-28 19:41:17 +0000 UTC
Try chatting with tech support about getting a flag. There is a very easy XSS in the support chat, but the problem is, the XSS is on the wrong domain. So we can't easily grab the flag.
Challenge: https://captureth...
2020-09-18 15:50:49 +0000 UTC
Easy web challenge from the Google CTF. XSS a paste service.
Challenge: https://capturetheflag.withgoogle.com/challenges/web-pasteurize
2020-09-09 15:49:01 +0000 UTC
It turns out, I have a favorite number over 1 million! Let me show you why 1094795585 is special to me and to many hackers.
#MegaFavNumbers Playlist: https://www.youtube.com/playlist?list=PLar4u0v66vIodqt3KSZPsYy...
2020-09-01 17:04:08 +0000 UTC
The last day from my trip to the Google CTF Finals 2019 in London.
Hardware challenge "Having a Blast" from the Google CTF Finals. It can be compared to "Keep Talking and Nobody Explodes".
Day 1 of the Google CTF Finals 2019.
2020-08-12 16:59:17 +0000 UTC
In December 2019 I was invited by Google to come to London for the Google CTF finals. This Vlog is about my second day where I listened to some bug hunter talks and met students at init.G.
I'm going through my backlog and will be releasing the remaining days of the trip. Including some interviews with CTF authors and de...
2020-08-08 17:04:22 +0000 UTC
A very interesting Cross-site Scripting Issue in gDocs Spreadsheets. I get a chance to talk to the bug hunter Nick, as well as Google engineers to understand both sides. How did he find it? And why did this vulnerability exist in the first place?
2020-07-31 15:58:33 +0000 UTC
To make a hackable MMO game, I had to think a lot about the unique game design. So we are going over challenges as well as level design and how the game evolved.
This is part 4/4. Next video will be back to "regular" content.
2020-07-08 16:34:04 +0000 UTC