Our exploit doesn't work as the user. So now we need to investigate and figure out how we can make it work. We explore three options and implement additional code, but nothing seems to work.
2022-01-18 23:19:51 +0000 UTC
WE CREATED OUR FIRST EXPLOIT! In this video we were able to control the loading of a malicious library. This can be used to execute our own code as root! But it only works when executing it as root; Executing it as a regular user doesn't work...
Grab the files: 2022-01-11 15:22:26 +0000 UTC
To understand a crash in nss_load_function() better, we have to look at the libc source code. While doing this we find a very interesting exploit strategy using dlopen.
In this video we dig a layer deeper into Log4j. We get a quick overview of how Log4j parses lookup strings and find the functions used in WAF bypasses. Then we bridge the gap to format string vulnerabilities and figure out why the noLookups mitigation has flaws.
2021-12-24 15:46:57 +0000 UTC
Let's try to make sense of the Log4j vulnerability. First we look at the Log4j features and JNDI, and then we explore the history of the recent log4shell vulnerability. This is part 1 of a two part series into log4j.
2021-12-17 16:04:23 +0000 UTC
We are still looking for an exploit strategy for the sudo heap overflow. In this episode we look at a few crashes and decide to look into one particular case more deeply.
Also a small thank you to all Patreons at the end of the video :)
2021-12-14 14:53:59 +0000 UTC
Authorization and Authentication can be confusing. In this video we look at their differences, and then focus on valid and invalid authorization bugs.
2021-12-02 15:28:50 +0000 UTC
We are getting nowhere... So we write a new tool to analyse the heap objects located after our overflowing buffer. Maybe we can learn something new!
2021-11-18 15:31:50 +0000 UTC
Have you ever heard the sentence that every device can be hacked? I have talked to several security researchers who have experience in hacking Browsers, iPhones and more, to figure out if this is true. And if it's true, should you be worried?
You should worry more about Phishing: https://www.y...
2021-11-04 23:08:30 +0000 UTC
In this video we are exploring a theoretical security product that automagically encrypts user data securely. But it has a fundamental design flaw which can be exploited.
2021-10-26 14:15:51 +0000 UTC
After we found some function pointers we could use for exploitation, we instructed sudo to find their heap locations. Then we develop a script to find a heap layout usable for exploitation.
Complete Playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmj...
2021-10-17 15:56:46 +0000 UTC
I wrote an article about the state of the YouTube Hacker Scene for Phrack. I hope you enjoy this reading. The article can be read here: 2021-10-06 15:12:14 +0000 UTC
We develop a helper script to find function pointers we could maybe overwrite with our heap overflow. This is another episode in the sudo series.
Complete playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx
2021-09-19 15:12:24 +0000 UTC
In this video you can see me working over 10h on hacking an Ethereum smart contract. The attack was done on a private chain, so no actual Ethereum users have been affected. This was a challenge called `Montagy` from the Real World CTF 2019 competition. Even though this was part of a competition, the methodology and technologies used are the tools used in real-life Ethereum hacking as well.
2021-09-12 16:58:13 +0000 UTC
We have a heap buffer overflow, but how can we exploit this now? Let's discuss some of the possible strategies.
2021-09-04 14:57:31 +0000 UTC
A bit more code review of sudo to understand why it's vulnerable and what the conditions are to get there.
Lagging a bit behind with the written articles, here are the last two episodes:
... and use alert(document.domain) or alert(window.origin) instead.
Blog post version: https://liveoverflow.com/do-not-use-alert-1-in-xss/
2021-07-31 15:01:18 +0000 UTC
We debug the line that causes the heap overflow. And it's a great opportunity to understand pointers in C.
The full playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx
Grab the files: 2021-07-24 15:18:08 +0000 UTC
This is a phishing security awareness video where I am showing you how to identify a trustworthy site. Spoiler alert: the browser address bar is the only trustworthy security indicator.
2021-07-17 15:59:16 +0000 UTC
It's surprisingly easy to do security research on Firefox trying to find sandbox escapes. You should give it a try!
The Original Article: https://blog.mozilla.org/attack-and-defense/2021/04/27/examining-javascript-inter-process-communicati...
2021-07-10 14:53:43 +0000 UTC
Now that we found a crash and got a minimal testcase last episode, we can try to find the true location of the overflow. ASan is an invaluable tool for that.
One fuzzer found a crash. Now we need to investigate if it's a 0day or if we found the known bug. To do that we first minimize the testcase, and then perform various tests and sanity checks.
Grab the files: https://github.com/LiveOverflow/pwnedit/tree/main/episode05
Article version: <...
2021-06-25 17:29:35 +0000 UTC
What is the difference between a security vulnerability and a security risk?
2021-06-18 17:13:45 +0000 UTC
AFL helped us to find a buffer overflow. Did we find a real crash in sudo? Let's investigate it.
Files on GitHub: https://github.com/LiveOverflow/pwnedit/tree/main/episode04
Blog Post: 2021-06-11 17:25:37 +0000 UTC
Is hacking a meritocracy? Who is not good enough to be successful? Is it just jealousy?
2021-06-04 17:34:58 +0000 UTC
A while back I started the "autobiographical" t-shirt video series about my life. I promised to continue it for members and patreons. So here we go.
Playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjwy6HCzLfwNzdrSrcrLOM4d
2021-05-25 13:47:00 +0000 UTC
We are using afl to fuzz the sudo binary, but we run into a lot more issues. In this video we are troubleshooting some issues and come up with solutions.
Blog version: https://liveoverflow.com/troubleshooting-afl-fuzzing-problems/
2021-05-22 17:25:13 +0000 UTC
What is the difference between Pentesting and Pentesting? There are different jobs that can be described as "pentesting" and I want to talk a bit about it. This should also help you to better organize your own learning, as you better understand your goal.
Blog: https://liveoverflow.c...
2021-05-15 18:16:45 +0000 UTC
sudoedit research episode 2
Let's investigate some issues we have fuzzing sudo with afl, and also explain how AFL works. After improving our fuzzing setup even more, we are finally ready to start fuzzing sudo for real. Can we find the vulnerability now?
Grab the files: https://github.com/LiveOverflow/pwnedit...
2021-05-08 16:18:09 +0000 UTC
Recently a serious vulnerability in sudo was announced. But how can people even find these kinds of bugs? Let's talk about why we would want to look for vulnerabilities in sudo, and how we could do that. We then try to set up afl, but fail... well... this will take a while.
Text Version: https:...
2021-04-29 16:48:17 +0000 UTC