- Видео 419
- Просмотров 62 876 085
LiveOverflow
США
Добавлен 16 мар 2015
just a wannabe hacker... making videos about various IT security topics and participating in hacking competitions.
-=[ ❤️ Support me ]=-
Patreon per Video: www.patreon.com/join/liveoverflow
RUclips Membership per Month: ruclips.net/channel/UClcE-kVhqyiHCcjYwcpfj9wjoin
-=[ 📄 Imprint ]=-
Security Flag GmbH
Mühlenstraße 8a
14167 Berlin
Germany
-=[ ❤️ Support me ]=-
Patreon per Video: www.patreon.com/join/liveoverflow
RUclips Membership per Month: ruclips.net/channel/UClcE-kVhqyiHCcjYwcpfj9wjoin
-=[ 📄 Imprint ]=-
Security Flag GmbH
Mühlenstraße 8a
14167 Berlin
Germany
Finding The .webp Vulnerability in 8s (Fuzzing with AFL++)
A guide on how to do fuzzing with AFL++ in an attempt to rediscover the libwebp vulnerability CVE-2023-4863 that was used to hack iPhones.
Want to learn hacking? Signup to hextree.io (ad)
Buy my shitty font: shop.liveoverflow.com/ (ad)
Watch webp Part 1: ruclips.net/video/lAyhKaclsPM/видео.html
Sudo Vulnerability Series: ruclips.net/p/PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx
Docker Video: ruclips.net/video/-YnMr1lj4Z8/видео.html
OSS-Fuzz: github.com/google/oss-fuzz
OSS-Fuzz libwebp coverage: storage.googleapis.com/oss-fuzz-coverage/libwebp/reports/20230901/linux/src/libwebp/src/utils/report.html
AFLplusplus: github.com/AFLplusplus/AFLplusplus/blob/stable/docs/fuzzing_in_depth.md
vanhauser's blog: www.sr...
Want to learn hacking? Signup to hextree.io (ad)
Buy my shitty font: shop.liveoverflow.com/ (ad)
Watch webp Part 1: ruclips.net/video/lAyhKaclsPM/видео.html
Sudo Vulnerability Series: ruclips.net/p/PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx
Docker Video: ruclips.net/video/-YnMr1lj4Z8/видео.html
OSS-Fuzz: github.com/google/oss-fuzz
OSS-Fuzz libwebp coverage: storage.googleapis.com/oss-fuzz-coverage/libwebp/reports/20230901/linux/src/libwebp/src/utils/report.html
AFLplusplus: github.com/AFLplusplus/AFLplusplus/blob/stable/docs/fuzzing_in_depth.md
vanhauser's blog: www.sr...
Просмотров: 54 368
Видео
A Vulnerability to Hack The World - CVE-2023-4863
Просмотров 105 тыс.6 месяцев назад
Citizenlab discovered BLASTPASS, a 0day being actively exploited in the image format WebP. Known as CVE-2023-4863 and CVE-2023-41064, an issue in webp's build huffman table function can lead to a heap buffer overflow. This vulnerability is very interesting and I'm excited to share with you what I learned. Want to learn hacking? Signup to hextree.io (ad) Buy my shitty font: shop.liveoverflow.com...
Reinventing Web Security
Просмотров 38 тыс.7 месяцев назад
Follow me down the rabbit hole into the wonderful world of IT security. Buy my terrible font (ad): shop.liveoverflow.com Learn hacking (ad): hextree.io Related Videos: ruclips.net/video/866olNIzbrk/видео.html ruclips.net/video/lKzsNp4AveY/видео.html Tweets: LiveOverflow/status/1720734431659376995 LiveOverflow/status/1720799912181284864 LiveOverflow/status/172...
The Circle of Unfixable Security Issues
Просмотров 112 тыс.8 месяцев назад
Not every security issues can be fixed. There exist (what I call) "unfixable" bugs, where you can always argue and shift the goal posts. The idea is to only report these kind of issues to create an endless stream of bug bounty money! Buy my terrible font (ad): shop.liveoverflow.com Learn hacking (ad): hextree.io What is a vulnerability? ruclips.net/video/866olNIzbrk/видео.html hackerone reports...
Hacker Tweets Explained
Просмотров 158 тыс.9 месяцев назад
Let me explain to you what you can learn from these tweets. Did you know the name trick? Buy my terrible font (ad): shop.liveoverflow.com Learn hacking (ad): hextree.io Quote Tweet: avlidienbrunn/status/1697869590569582932 Original Tweet: Rhynorater/status/1696862832841916679 Critical Thinking Podcast: www.criticalthinkingpodcast.io/ XSS Origin Series: ruclips.net/p/PLhi...
Zenbleed (CVE-2023-20593)
Просмотров 156 тыс.9 месяцев назад
Let's explore the "most exciting" CPU vulnerability affecting Zen2 CPUs from AMD. Watch part 1 about fuzzing: ruclips.net/video/neWc0H1k2Lc/видео.html buy my font (advertisement): shop.liveoverflow.com/ This video is sponsored by Google: security.googleblog.com/2023/08/downfall-and-zenbleed-googlers-helping.html Original Zenbleed Writeup: lock.cmpxchg8b.com/zenbleed.html Grab the code: github.c...
The Discovery of Zenbleed ft. Tavis Ormandy
Просмотров 61 тыс.10 месяцев назад
How did Tavis Ormandy fuzz CPUs to discover Zenbleed? In this video we learn about the techniques to make this work! Watch part 2: ruclips.net/video/9EY_9KtxyPg/видео.html buy my font (advertisement): shop.liveoverflow.com/ This video is sponsored by Google: security.googleblog.com/2023/08/downfall-and-zenbleed-googlers-helping.html Original Zenbleed Writeup: lock.cmpxchg8b.com/zenbleed.html AM...
Asking Android Developers About Security at Droidcon Berlin
Просмотров 34 тыс.10 месяцев назад
I attended droidcon Berlin 2023 and interviewed some developers about what they know about Android security. Thanks again to everybody who answered my questions, and thanks Egidijus for the dcbln23 ticket. Buy the terrible font (advertisement): shop.liveoverflow.com/ Watch my security conference vlog: ruclips.net/video/E9kz6RQu9Oc/видео.html Egidijus on Twitter: AegisLil droidcon: w...
Local Root Exploit in HospitalRun Software
Просмотров 68 тыс.11 месяцев назад
Let's talk about a "security flaw in hospital software that allows full access to medical devices". This issue was disclosed on LinkedIn and included a full exploit code. Let's use this app as an example on how to find a macOS privilege escalation and learn how local root exploits can work. Print BINGO sheet: liveoverflow/status/1682650394227351552 Sources: Original LinkedIn Post: w...
Android App Bug Bounty Secrets
Просмотров 96 тыс.11 месяцев назад
Sergey Toshin tells us the story of how he became a top Android bug hunter and how he finds critical vulnerabilities. He also shows us a really cool vulnerability found in the Google Android Snapseed app. I didn't know this crazy attack vector exists! Start Android Bug Hunting Here! Google App Scan Results: bughunters.google.com/report/targets/290590452 Google Mobile VRP: bughunters.google.com/...
Generic HTML Sanitizer Bypass Investigation
Просмотров 140 тыс.11 месяцев назад
I stumbled over a weird HTML behavior on Twitter and started to investigate it. Did I just stumble over a generic HTML Sanitizer bypass? Get my handwritten font shop.liveoverflow.com (advertisement) Checkout our courses on hextree.io (advertisement) The Tweet: MRCodedBrain/status/1662701541680136195 Google XSS: ruclips.net/video/lG7U3fuNw3A/видео.html HTML Spec: html.spec.whatwg.org...
Hacking Google Cloud?
Просмотров 123 тыс.Год назад
Every year Google celebrates the best security issues found in Google Cloud. This year we take a look at the 7 winners to see if we could have found these issues too. Will I regret not having hacked Google last year? This video is sponsored by Google VRP: Follow GoogleVRP Twitter: GoogleVRP The GCP Prize Winners of 2022: security.googleblog.com/2023/06/google-cloud-awards-313337-in-...
Trying to Find a Bug in WordPress
Просмотров 91 тыс.Год назад
I stumbled over some WordPress code involving caching. Immediately I had this idea about MD5 collision and how this could affect the implemented logic. I started going down a rabbit hole exploring the feasibility and eventually setting up a PHP debug environment. Only to realize that the idea was flawed from the start. So while this ends up being failed security research, we still learn a lot a...
Authentication Bypass Using Root Array
Просмотров 126 тыс.Год назад
Lots of #bugbountytips get posted on twitter, but some of them are ... weird. Let's explore the technical details of one tweet to understand where this tip came from, why this tip was wrong, and eventually learn about the real underlaying vulnerability. This is a surprising turn of events! advertisement: Get my handwritten font shop.liveoverflow.com Checkout our courses on hextree.io Authentica...
My YouTube Financials - The Future of LiveOverflow
Просмотров 104 тыс.Год назад
My RUclips Financials - The Future of LiveOverflow
Accidental LLM Backdoor - Prompt Tricks
Просмотров 142 тыс.Год назад
Accidental LLM Backdoor - Prompt Tricks
Cyber Security Challenge Germany (2023)
Просмотров 21 тыс.Год назад
Cyber Security Challenge Germany (2023)
Advanced Teleport Hack (stolen from cheaters)
Просмотров 45 тыс.Год назад
Advanced Teleport Hack (stolen from cheaters)
VPNs, Proxies and Secure Tunnels Explained (Deepdive)
Просмотров 77 тыс.Год назад
VPNs, Proxies and Secure Tunnels Explained (Deepdive)
Revisiting 2b2t Tamed Animal Coordinate Exploit
Просмотров 62 тыс.Год назад
Revisiting 2b2t Tamed Animal Coordinate Exploit
I don't understand why all the other video's I watched on this topic didn't just say go read RFC 791, RFC 9293, & RFC 9112 and now you know how things work. Thanks for finally clearing up how things actually work!
Step 1 watch robot s1and s4
The moment he said idk i was like whhhhhhhhhhhjhhaaattt this is most genuine answer lets watch more😂
What if I send you a free phone sim? And you analyze it of traffic and such and post youtube of finding? These are free phone service called Safelink Wireless. Own by Tracfone which is own Verizon.
Someone should hack a Minecraft smartwatch from Walmart and run doom because the answer is always yes it can
Please do reenactments of historic bug discussions :D
why this video is only available in 360p? 🤔
Ok, what is a root? 😅 I am just starting out in IT and this video helped me a lot! I think what confused me the most really is that ‚server‘ is used for software AND hardware. So thanks for clearing that up! 💜
am enjoin watching this but i didn't get it
still am confuse 😪😪
❤
How did you get ghidra to recognize a stripped file?
Cybercrime world is bigger than i thought lol
Now that is some real Professional Dev Ops / Cybersecurity situation. As an it student i admire your knowledge.
I must say, LiveOverflow demonstrates an uncommon intellect in this video. I've had a very enjoyable session on gdb this afternoon playing around with headers and binning on the heap. For those confused with the HEAP2 puzzle, simply write your own much shorter C program and play with it in gdb.
im still confused
what was the payload?
Apple screws everyone
At first glance I didn't get the video what was being taught in this video 4-5 years back as this was the first ever binary exploitation video that I had seen but now I can surely say that this is a gem for me as this video have given me the opportunity to deep dive into the world of binary exploitation/ reverse engineering field and now I can properly understand the concepts being taught in this video. Thank you @LiveOverflow :) because of you only I got to know about this field. Special shoutout to @JohnHammond also.
I was about to leave this video at the half way point...I'm glad I didn't. Keep working hard👍
can you share the test_stripped file?
Some people might say why you promote anonymity over a RUclips video. However, it takes too much work to gain trust and credibility without your Instagram baby face coming to play. Thanks for educating me and others, and please let's focus on skills just as you described. Peace
Can I bypass router login page
Melhor relatório que eu já vi (1:51): "Verificou-se que o site carece de qualquer forma de proteção. Basta enviar 'Por favor, deixe-me entrar' e o site gerará um shell com permissões de root." Ri muito aqui.
So you are saying don't use my network password as my displayed router name before my home address publicly visible?? Ok can I write it on my computer with my financial info? Breh not to the memory don't be ridiculous with a sharpie near my keyboard that I keep outside on my porch on top of my social security and birth certificate, I keep it there so my credit cards do not blow away. I'm not stupid guys I got this.
dude im a radare master
Bro went through the five or what stages of grief 💀
The challenge is not hard you are just not very skilled.
Off subject. What software do you use to edit your videos? Thanks
After 5 years I've finally got the courage to dive into this lol. It still works (with a few easy fixes) on ubuntu 24.04 as well as docker 24.0.5 and docker-compose v2.20.3 Excited to see what I can do with this :D
theres a command called “fromanticheat” which is weird because the save file is so easy to hack
@4:47 the comment says decrypt but the arrow says encryption. its confusing to me.
lateral movement!
Solder 1 pin and align the header, the go the rest
in today there is pwndbg for that trick 🤣🤣🤣🤣
I hate the classical
Thank you for the tutorial, clear as always. I am trying to replicate the CVE in a Docker container, however, when I run sudoedit -s 'AAAAAAAAAAAA\' I get vim opened. I cannot understand why. Could you please help me? I am running Ubuntu 18.04 and. sudo1.9.5p1 (the version before the patch)
Dude, i'm totally confused....😢
Even though my first language is Persian and my English isn't perfect, it's clear how passionate you are about the mechanics. Your teaching is really deep and insightful. As a Minecraft fan and a computer science student who's also into programming and security, I find your content super valuable and enjoyable. Thanks for sharing your knowledge!
Even though my first language is Persian and my English isn't perfect, it's clear how passionate you are about the mechanics. Your teaching is really deep and insightful. As a Minecraft fan and a computer science student who's also into programming and security, I find your content super valuable and enjoyable. Thanks for sharing your knowledge!
im disapointed that you cant realy patch binnary with ghidra😢
i miss this series 😭
zero day exploit 😂
Ik there was some myspace worm that used an XSS issue ..
great explanation! Anyway I would make another call to the LLM asking it to detect a possibile injection before proceding with the main question
square bear
jalapenos :)
Anyone else find it funny how his hostname is redstar-os?
"and hack the planet"
Still a classic.