LiveOverflow posts

Debugging The Failing sudoedit Exploit | Ep.16

Our exploit doesn't work as the user. So now we need to investigate and figure out how we can make it work. We explore three options and implement additional code, but nothing seems to work.

Creating The First Sudoedit Exploit

WE CREATED OUR FIRST EXPLOIT! In this video we were able to control the loading of a malicious library. This can be used to execute our own code as root! But it only works when executing it as root; executing it as a regular user doesn't work...

Grab the files:
2022-01-11 15:22:26 +0000 UTC

Learning about nss (Linux Name Service Switch) During Sudo Exploitation

To understand a crash in nss_load_function() better, we have to look at the libc source code. While doing this we find a very interesting exploit strategy using dlopen.  

Log4j Lookups in Depth // Log4Shell CVE-2021-44228

In this video we dig a layer deeper into Log4j. We get a quick overview how Log4j is parsing lookup strings and find the functions used in WAF bypasses. Then we bridge the gap to format string vulnerabilities and figure out why the noLookups mitigation has flaws.

Hackers vs Developers // CVE-2021-44228 Log4Shell

Let's try to make sense of the Log4j vulnerability. First we look at the Log4j features and JNDI, and then we explore the history of the recent log4shell vulnerability. This is part 1 of a two-part series into log4j.

Can We Find a Exploit Strategy?

We are still looking for an exploit strategy for the sudo heap overflow. In this episode we look at a few crashes and decide to look into one particular case more deeply.

Also a small thank you to all Patreons at the end of the video :)

Authorization vs. Authentication

Authorization and Authentication can be confusing. In this video we look at their differences, and then focus on valid and invalid authorization bugs.

Developing GDB Extension for Heap Exploitation

We are getting nowhere... So we write a new tool to analyse the heap objects located after our overflowing buffer. Maybe we can learn something new!

Can Hackers Get Into Every Device?

Have you ever heard the sentence that every device can be hacked? I have talked to several security researchers who have experience in hacking Browsers, iPhones and more, to figure out if this is true. And if it's true, should you be worried?  

You should worry more about Phishing: https://www.youtube.com/watch?v=NWtm4... 

@steventseeley:
2021-11-04 23:08:30 +0000 UTC

Design Flaw in Security Product - ALLES! CTF 2021

In this video we are exploring a theoretical security product that automagically encrypts user data securely. But it has a fundamental design flaw which can be exploited.

Overflowing Function Pointers On The Heap?

After we found some function pointers we could use for exploitation, we instructed sudo to find their heap locations. And then we are developing a script to find a heap layout usable for exploitation.

Complete Playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx
Grab the files:
2021-10-17 15:56:46 +0000 UTC

Video Essay about the Security Creator Scene

I wrote an article about the state of the YouTube Hacker Scene for Phrack. I hope you enjoy this reading. The article can be read here:

Can we find function pointers to exploit the heap?

We develop a helper script to find function pointers we could maybe overwrite with our heap overflow. This is another episode in the sudo series. 

Complete playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx

How Ethereum Smart Contract Hacking Looks Like

In this video you can see me working over 10h on hacking an Ethereum smart contract. The attack was done on a private chain, so no actual Ethereum users have been affected. This was a challenge called `Montagy` from the Real World CTF 2019 competition. Even though this was part of a competition, the methodology and technologies used are the tools used in real-life Ethereum hacking as well.

Discussing Heap Exploit Strategies for sudo

We have a heap buffer overflow, but how can we exploit this now? Let's discuss some of the possible strategies.

Reaching Vulnerable Code in sudo (C code review)

A bit more code review of sudo to understand why it's vulnerable and what the conditions are to get there.

Lagging a bit behind with the written articles, here are the last two episodes:

DO NOT USE alert(1) for XSS

... and use alert(document.domain) or alert(window.origin) instead.

Blog post version: https://liveoverflow.com/do-not-use-alert-1-in-xss/

Understanding C Pointer Magic Arithmetic

We debug the line that causes the heap overflow. And it's a great opportunity to understand pointers in C.  

The full playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjy0gMuT4C3bmjeZjuNQyqdx 

Grab the files: https://github.com/LiveOverflow/pwnedit

Don't Get Phished! (Phishing Awareness)

This is a phishing security awareness video where I am showing you how to identify a trustworthy site. Spoiler alert: the browser address bar is the only trustworthy security indicator.

What is a Browser Security Sandbox?! (Learn to Hack Firefox)

It's surprisingly easy to do security research on Firefox trying to find sandbox escapes. You should give it a try!

The Original Article: https://blog.mozilla.org/attack-and-defense/2021/04/27/examining-javascript-inter-process-communication-in-firefox/

Fuzzer Crash Root Cause Analysis With ASAN (AddressSanitizer)

Now that we found a crash and got a minimal testcase last episode, we can now try to find the true location of the overflow. ASan is an invaluable tool for that.

Found a Crash Through Fuzzing? Minimize AFL Testcases!

One fuzzer found a crash. Now we need to investigate if it's a 0day or if we found the known bug. To do that we first minimize the testcase, and then perform various tests and sanity checks.

Grab the files: https://github.com/LiveOverflow/pwnedit/tree/main/episode05

Article version: https://...

Security Risk vs. Security Vulnerability?

What is the difference between a security vulnerability and a security risk?

Finding Buffer Overflow with Fuzzing - sudo EP. 4

AFL helped us to find a buffer overflow. Did we find a real crash in sudo? Let's investigate it.  

Files on GitHub: https://github.com/LiveOverflow/pwnedit/tree/main/episode04
Blog Post: https://liveoverflow.com/finding-buffer-overflow-with-fuzzing/

Hacker Culture Meritocracy?

Is hacking a meritocracy? Who is not good enough to be successful? Is it just jealousy?

Giving a Talk at Area41 (2016) - Shirt Stories #24

A while back I started the "autobiographical" t-shirt video series about my life. I promised to continue it for members and patreons. So here we go.

Playlist: https://www.youtube.com/playlist?list=PLhixgUqwRTjwy6HCzLfwNzdrSrcrLOM4d

Troubleshooting AFL Fuzzing Problems

We are using afl to fuzz the sudo binary, but we run into a lot more issues. In this video we are troubleshooting some issues and come up with solutions.

Blog version: https://liveoverflow.com/troubleshooting-afl-fuzzing-problems/

Pentesting vs. Bug Bounty vs. Pentesting ???

What is the difference between Pentesting and Pentesting? There are different jobs that can be described as "pentesting" and I want to talk a bit about it. This should also help you to better organize your own learning, as you better understand your goal. 

Blog: https://liveoverflow.com/pentesting-vs-pentesting-vs-bug-bounty/

How Fuzzing with AFL works!

sudoedit research episode 2

Let's investigate some issues we have fuzzing sudo with afl. And also explain how AFL works. After improving our fuzzing setup even more, we are finally ready to start fuzzing sudo for real. Can we find the vulnerability now?

Grab the files: https://github.com/LiveOverflow/pwnedit/

Blog:
2021-05-08 16:18:09 +0000 UTC

Why Pick sudo as Research Target?

Recently a serious vulnerability in sudo was announced. But how can people even find these kinds of bugs? Let's talk about why we would want to look for vulnerabilities in sudo, and how we could do that. We then try to set up afl, but fail... well... this will take a while.

Text Version: https://liveoverflow.com/why-pick-sudo-research-target-part-1/
GitHub Project:
2021-04-29 16:48:17 +0000 UTC