FapsParty
LiveOverflow

LiveOverflow

patreon


LiveOverflow posts

Critical Sudo Vulnerability Walkthrough - CVE-2021-3156

LiveOverflow post Critical Sudo Vulnerability Walkthrough - CVE-2021-3156

The most comprehensive video covering the sudo vulnerability CVE-2021-3156 Baron Samedit. I spent two weeks on rediscovering, analysing and exploitation of the sudoedit heap overflow. We will talk about fuzzing, code review, exploit strategies, heap feng shui and developing the exploit. 

Article: https://liveoverflow.com/critical-sudo-vulnerability-walkthrough-cve-202...

View Post

Protect Linux Server From Hackers

LiveOverflow post Protect Linux Server From Hackers

Do you have a linux server and do you know how to prevent getting hacked? In this video we will critically discuss a few best practices. The video can be summarized as: "a lot of fluff, not much use".

Prefer to read? Blog article version: https://liveoverflow.com/protect-linux-server-from-hackers/ 

View Post

Running Out Of Hacking Video Ideas

LiveOverflow post Running Out Of Hacking Video Ideas

I made every video I ever wanted to make... At least that's how I feel. I feel like "Everything I know I have shared in my over 300 videos". I recently celebrated 6 years on YouTube, and it made me think about the state of the channel and the struggle of finding new video ideas.

Website: https://liveoverflow.com/ 

All Playlists: 2021-04-07 17:06:25 +0000 UTC View Post

Hacking into Google's Network for $133,337

LiveOverflow post Hacking into Google's Network for $133,337

In this video we hear the story how Ezequiel Pereira found a critical vulnerability in Google Cloud and was awarded $164,674 in total. This is a crazy bug, because it requires so much knowledge about Google internals. We will learn about Google's Global Software Load Balancer, BNS addresses and other Google secret tricks!

Ezequiel's writeup: https://www.ezequiel.tech/2020/05/rce-in-cloud-dm.html View Post

Format String Exploit Troubleshooting Over Twitter - bin 0x11 b

LiveOverflow post Format String Exploit Troubleshooting Over Twitter - bin 0x11 b

A troubleshooting video about a binary exploitation challenge. Should fit well into the binary exploitation playlist 

https://www.youtube.com/playlist?list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN 

View Post

How CPUs Access Hardware - Another SerenityOS Exploit

LiveOverflow post How CPUs Access Hardware - Another SerenityOS Exploit

When I looked at another SerenityOS exploit, I learned something new! The hack is very creative and directly interacts with hardware. I never really understood how modern CPUs interact with peripherals, so this was very interesting to me.

View Post

Does Hacking Require Programming Skills?

LiveOverflow post Does Hacking Require Programming Skills?

When I saw how easy it is for Andreas to find bugs in his own code, and even write exploits for it, I thought about the relationship between hacking and coding skills. And it's not surprising that decades of programming experience can easily transferred to hacking skills! 

LiveOverflow Playlists: https://www.youtube.com/c/LiveOverflowCTF/playlists
Andreas Kling: 2021-02-05 21:18:22 +0000 UTC View Post

Reading Kernel Source Code - Analysis of an Exploit

LiveOverflow post Reading Kernel Source Code - Analysis of an Exploit

Part two of analysing the Serenity wisdom2 exploit

View Post

Kernel Root Exploit via a ptrace() and execve() Race Condition

LiveOverflow post Kernel Root Exploit via a ptrace() and execve() Race Condition

Let's have a look at a kernel local privilege escalation exploit in SerenityOS! And why it is beneficial to learn about it, even though it's not a widely used OS.

View Post

December Project Video Bundle #4

LiveOverflow post December Project Video Bundle #4

This is the last set of videos for my advents calendar. The last video is a more regular video that I scripted and edited.

December Project Video Bundle #3

LiveOverflow post December Project Video Bundle #3

The third set of videos for the December t-shirt project, only one more set to go.

December Project Video Bundle #2

LiveOverflow post December Project Video Bundle #2

This is the second set of December videos!

December Project Video Bundle #1

LiveOverflow post December Project Video Bundle #1

Hellooo o/

This is the first Patreon bundle for the December project.

Solving Nintendo HireMe!!! with "Basic" Math

LiveOverflow post Solving Nintendo HireMe!!! with "Basic" Math

We are going to solve the Nintendo HireMe.cpp challenge with some "basic" math. I call it basic, because linear algebra is taught pretty early in school. But I know it is not so easy to figure out that it can be used here. Also the trick with GF2 is math that you would only learn at university. But if you would watch my videos, you would have know it from the software_update video writeup ;)

Watch part 1 - Introduction: 2020-11-26 18:05:54 +0000 UTC View Post

Plans for December - Warning!!

LiveOverflow post Plans for December - Warning!!

Hey everyone, last year I made 24 daily videos as an "advents calendar" (https://www.youtube.com/playlist?list=PLhixgUqwRTjzTvVyL_8H-DJBf8VT3uiu2 ). This year I will do something similar! I had the idea of telling stories from my path into IT security, by looking at (con) t-shirts I picked up along the way. The image above is a preview of the first 10 episodes.

Because Patreo...

View Post

Nintendo Hire me!!!!!!!!

LiveOverflow post Nintendo Hire me!!!!!!!!

Difficult programming and reverse-engineering challenge by Nintendo European Research & Development (NERD). In this first part I have a first look at the challenge and try different stuff. In the next video we talk about the solution.

HireMe.cpp: https://www.nerd.nintendo.com/files/HireMe
Working at NERD: https://www.nerd.ninten...

View Post

How Hacking Actually Looks Like - ALLES! CTF Team in Real Time

LiveOverflow post How Hacking Actually Looks Like - ALLES! CTF Team in Real Time

Get a unique insight into how hacking really looks like. This is a live recording and commentary of the ALLES! CTF Team playing the Google CTF finals hackceler8. After we have placed 8th in the Google CTF 2020, we were invited to a special finals event, which was speed hacking against 3 other teams. Unfortunately we only got 2nd place in our group, but I'm still proud of what this team has built in a short amount of time.

View Post

What is a File Format?

LiveOverflow post What is a File Format?

Let's explore what a file format is, and provide a different view on it. We dive into polyglots, file format research and the impact on security. 

Funky File Formats Talk: https://www.youtube.com/watch?v=hdCs6bPM4is 

corkami/mitra tool: 2020-10-26 17:56:23 +0000 UTC View Post

Guessing vs. Not Knowing in Hacking and CTFs

LiveOverflow post Guessing vs. Not Knowing in Hacking and CTFs

I really hate it when I have to guess stuff. This applies to CTFs, but also to my real-world work in penetration testing. It is incredibly frustrating to bruteforce or guess something, that could just be read in the source code. I much rather focus on technical details, tricks and techniques. 

Try the XSS challenge: https://hacking.app/xss/xss_chall1.html#welcome

Failed DOM Clobbering Research par...

View Post

Chaining Script Gadgets to Full XSS - All The Little Things 2/2 (web) Google CTF 2020

LiveOverflow post Chaining Script Gadgets to Full XSS - All The Little Things 2/2 (web) Google CTF 2020

In the second part we are building on top of what we have learned. We figure out how to craft something special out of a very limited script gadget. Eventually we can use it to leak the secret notes ID and notes content.  

Part 1: https://www.youtube.com/watch?v=dZXaQKEE3A8
Challenge: https://cap...

View Post

CTF Web Challenge Recon - All The Little Things 1/2 (web) Google CTF 2020

LiveOverflow post CTF Web Challenge Recon - All The Little Things 1/2 (web) Google CTF 2020

All The Little Things was a pretty hard web challenge from the Google CTF 2020. In this video we do some initial recon and research and try to find an angle to attack. Part 1/2.  

Challenge: https://capturetheflag.withgoogle.com/challenges/web-littlethings
Pasteurize: https://www.youtube.com/wat...

View Post

XSS on the Wrong Domain T_T - Tech Support (web) Google CTF 2020

LiveOverflow post XSS on the Wrong Domain T_T - Tech Support (web) Google CTF 2020

Try chatting with tech support about getting a flag. There is a very easy XSS in the support chat, but the problem is, the XSS is on the wrong domain. So we can't easily grab the flag.  

Challenge: https://capturetheflag.withgoogle.com/challenges/web-typeselfsub
Tech Support: https://typeselfsub.w...

View Post

XSS a Paste Service - Pasteurize (web) Google CTF 2020

LiveOverflow post XSS a Paste Service - Pasteurize (web) Google CTF 2020

Easy web challenge from the Google CTF. XSS a paste service.

Challenge: https://capturetheflag.withgoogle.com/challenges/web-pasteurize

View Post

Why Hackers Love the Number 1,094,795,585

LiveOverflow post Why Hackers Love the Number 1,094,795,585

It turns out, I have a favorite number over 1 million! Let me show you why 1094795585 is special to me and to many hackers.

#MegaFavNumbers Playlist: https://www.youtube.com/playlist?list=PLar4u0v66vIodqt3KSZPsYyuULD5meoAo

View Post

Winners of Google Capture-The-Flag Finals 2019 🏳️

LiveOverflow post Winners of Google Capture-The-Flag Finals 2019 🏳️

The last day from my trip to the Google CTF Finals 2019 in London.


View Post

Defusing a Bomb at Google London HQ - Having a Blast Google CTF Finals 2019 (hardware)

LiveOverflow post Defusing a Bomb at Google London HQ - Having a Blast Google CTF Finals 2019 (hardware)

 Hardware challenge "Having a Blast" from the Google CTF Finals. It can be compared to the "Keep Talking and Nobody Explodes".

Google CTF Finals 2019! - Escal8 2019 Day 3

LiveOverflow post Google CTF Finals 2019! - Escal8 2019 Day 3

Day 1 of the Google CTF Finals 2019

View Post

Bug Hunter Talks & Init.G for Student - Escal8 2019 Day 2

LiveOverflow post Bug Hunter Talks & Init.G for Student - Escal8 2019 Day 2

In December 2019 I was invited by Google to come to London for the Google CTF finals. This Vlog is about my second day where I listened to some bug hunter talks and met students at init.G.

I'm going through my backlog and will be releasing the remaining days of the trip. Including some interviews with CTF authors and details about challenges.

View Post

JavaScript Gadgets! Google Docs XSS Vulnerability Walkthrough

LiveOverflow post JavaScript Gadgets! Google Docs XSS Vulnerability Walkthrough

A very interesting Cross-site Scripting Issue in gDocs Spreadsheets. I get a chance to talk to the bug hunter Nick, as well as Google engineers to understand both sides. How did he find it? And why did this vulnerability exist in the first place?

View Post

MMO Hacking Game Design in Unity (IL2CPP) - Game Devlog #4

LiveOverflow post MMO Hacking Game Design in Unity (IL2CPP) - Game Devlog #4

To make a hackable MMO game, I had to think a lot about the unique game design. So we are going over challenges as well as level design and how the game evolved.

This is part 4/4. Next video will be back to "regular" content.

View Post