Our exploit doesn't work as the user. So now we need to investigate and figure out how we can make it work. We explore three options and implement additional code, but nothing seems to work...
2022-01-18 23:19:51 +0000 UTC
WE CREATED OUR FIRST EXPLOIT! In this video we were able to control the loading of a malicious library. This can be used to execute our own code as root! But it only works when executing it as root...
2022-01-11 15:22:26 +0000 UTC
To understand a crash in nss_load_function() better, we have to look at the libc source code. While doing this we find a very interesting exploit strategy using dlopen.
- Grab the ...
2022-01-03 15:03:41 +0000 UTC
In this video we dig a layer deeper into Log4j. We get a quick overview of how Log4j parses lookup strings and find the functions used in WAF bypasses. Then we bridge the gap to format string vuln...
2021-12-24 15:46:57 +0000 UTC
Let's try to make sense of the Log4j vulnerability. First we look at the Log4j features and JNDI, and then we explore the history of the recent log4shell vulnerability. This is part 1 of a tw...
2021-12-17 16:04:23 +0000 UTC
We are still looking for an exploit strategy for the sudo heap overflow. In this episode we look at a few crashes and decide to look into one particular case more deeply.
Also a small thank y...
2021-12-14 14:53:59 +0000 UTC
Authorization and Authentication can be confusing. In this video we look at their differences, and then focus on valid and invalid authorization bugs.
2021-12-02 15:28:50 +0000 UTC
We are getting nowhere... So we write a new tool to analyse the heap objects located after our overflowing buffer. Maybe we can learn something new!
2021-11-18 15:31:50 +0000 UTC
Have you ever heard the sentence that every device can be hacked? I have talked to several security researchers who have experience in hacking Browsers, iPhones and more, to figure out if this is t...
2021-11-04 23:08:30 +0000 UTC
In this video we are exploring a theoretical security product that automagically encrypts user data securely. But it has a fundamental design flaw which can be exploited.
2021-10-26 14:15:51 +0000 UTC
After we found some function pointers we could use for exploitation, we instructed sudo to find their heap locations. And then we are developing a script to find a heap layout usable for exploitati...
2021-10-17 15:56:46 +0000 UTC
I wrote an article about the state of the YouTube Hacker Scene for Phrack. I hope you enjoy this reading. The article can be read here:
2021-10-06 15:12:14 +0000 UTC
We develop a helper script to find function pointers we could maybe overwrite with our heap overflow. This is another episode in the sudo series.
Complete playlist:
2021-09-19 15:12:24 +0000 UTC
In this video you can see me working over 10h on hacking an Ethereum smart contract. The attack was done on a private chain, so no actual Ethereum users have been affected. This was a challenge cal...
2021-09-12 16:58:13 +0000 UTC
We have a heap buffer overflow, but how can we exploit this now? Let's discuss some of the possible strategies.
2021-09-04 14:57:31 +0000 UTC
A bit more code review of sudo to understand why it's vulnerable and what the conditions are to get there.
Lagging a bit behind with the written articles, here are the last two episodes:
...
2021-08-11 15:54:54 +0000 UTC
... and use alert(document.domain) or alert(window.origin) instead.
Blog post version: https://liveover...
2021-07-31 15:01:18 +0000 UTC
We debug the line that causes the heap overflow. And it's a great opportunity to understand pointers in C.
The full playlist:
2021-07-24 15:18:08 +0000 UTC
This is a phishing security awareness video where I am showing you how to identify a trustworthy site. Spoiler alert: the browser address bar is the only trustworthy security indicator.
2021-07-17 15:59:16 +0000 UTC
It's surprisingly easy to do security research on Firefox trying to find sandbox escapes. You should give it a try!
The Original Article:
2021-07-10 14:53:43 +0000 UTC
Now that we found a crash and got a minimal testcase in the last episode, we can try to find the true location of the overflow. ASan is an invaluable tool for that.
One fuzzer found a crash. Now we need to investigate if it's a 0day or if we found the known bug. To do that we first minimize the testcase, and then perform various tests and sanity checks.
...
2021-06-25 17:29:35 +0000 UTC
What is the difference between a security vulnerability and a security risk?
2021-06-18 17:13:45 +0000 UTC
AFL helped us to find a buffer overflow. Did we find a real crash in sudo? Let's investigate it.
Files on GitHub:
2021-06-11 17:25:37 +0000 UTC
Is hacking a meritocracy? Who is not good enough to be successful? Is it just jealousy?
2021-06-04 17:34:58 +0000 UTC
A while back I started the "autobiographical" t-shirt video series about my life. I promised to continue it for members and patreons. So here we go.
Playlist:
2021-05-25 13:47:00 +0000 UTC
We are using afl to fuzz the sudo binary, but we run into a lot more issues. In this video we are troubleshooting some issues and come up with solutions.
Blog version:
2021-05-22 17:25:13 +0000 UTC
What is the difference between Pentesting and Pentesting? There are different jobs that can be described as "pentesting" and I want to talk a bit about it. This should also help you to better organ...
2021-05-15 18:16:45 +0000 UTC
sudoedit research episode 2
Let's investigate some issues we have fuzzing sudo with afl. And also explain how AFL works. After improving our fuzzing setup even more, we are finally ready to st...
2021-05-08 16:18:09 +0000 UTC
Recently a serious vulnerability in sudo was announced. But how can people even find these kinds of bugs? Let's talk about why we would want to look for vulnerabilities in sudo, and how we could do ...
2021-04-29 16:48:17 +0000 UTC