The most comprehensive video covering the sudo vulnerability CVE-2021-3156 Baron Samedit. I spent two weeks on rediscovering, analysing and exploitation of the sudoedit heap overflow. We will talk ...
2021-04-22 15:40:26 +0000 UTC
View Post
Do you have a linux server and do you know how to prevent getting hacked? In this video we will critically discuss a few best practices. The video can be summarized as: "a lot of fluff, not much us...
2021-04-15 15:40:23 +0000 UTC
View Post
I made every video I ever wanted to make... At least that's how I feel. I feel like "Everything I know I have shared in my over 300 videos". I recently celebrated 6 years on YouTube, and it made me...
2021-04-07 17:06:25 +0000 UTC
View Post
In this video we hear the story how Ezequiel Pereira found a critical vulnerability in Google Cloud and was awarded $164,674 in total. This is a crazy bug, because it requires so much knowledge abo...
2021-03-17 18:22:51 +0000 UTC
View Post
A troubleshooting video about a binary exploitation challenge. Should fit well into the binary exploitation playlist
2021-02-25 18:29:25 +0000 UTC
View Post
When I looked at another SerenityOS exploit, I learned something new! The hack is very creative and directly interacts with hardware. I never really understood how modern CPUs interact with periphe...
2021-02-14 17:59:25 +0000 UTC
View Post
When I saw how easy it is for Andreas to find bugs in his own code, and even write exploits for it, I thought about the relationship between hacking and coding skills. And it's not surprising that ...
2021-02-05 21:18:22 +0000 UTC
View Post
Part two of analysing the Serenity wisdom2 exploit
2021-01-23 01:40:11 +0000 UTC
View Post
Let's have a look at a kernel local privilege escalation exploit in SerenityOS! And why it is beneficial to learn about it, even though it's not a widely used OS.
2021-01-10 20:49:39 +0000 UTC
View Post
This is the last set of videos for my advents calendar. The last video is a more regular video that I scripted and edited.
The third set of videos for the December t-shirt project, only one more set to go.
This is the second set of December videos!
Hellooo o/
This is the first Patreon bundle for the December project.
We are going to solve the Nintendo HireMe.cpp challenge with some "basic" math. I call it basic, because linear algebra is taught pretty early in school. But I know it is not so easy to figure out ...
2020-11-26 18:05:54 +0000 UTC
View Post
Hey everyone, last year I made 24 daily videos as an "advents calendar" (https://www.you...
2020-11-20 10:24:09 +0000 UTC
View Post
Difficult programming and reverse-engineering challenge by Nintendo European Research & Development (NERD). In this first part I have a first look at the challenge and try different stuff. In t...
2020-11-19 18:14:05 +0000 UTC
View Post
Get a unique insight into how hacking really looks like. This is a live recording and commentary of the ALLES! CTF Team playing the Google CTF finals hackceler8. After we have placed 8th in the Goo...
2020-11-07 23:50:38 +0000 UTC
View Post
Let's explore what a file format is, and provide a different view on it. We dive into polyglots, file format research and the impact on security.
Funky File Formats Talk: 2020-10-26 17:56:23 +0000 UTC
View Post
I really hate it when I have to guess stuff. This applies to CTFs, but also to my real-world work in penetration testing. It is incredibly frustrating to bruteforce or guess something, that could j...
2020-10-18 19:17:39 +0000 UTC
View Post
In the second part we are building on top of what we have learned. We figure out how to craft something special out of a very limited script gadget. Eventually we can use it to leak the secret note...
2020-10-08 17:23:10 +0000 UTC
View Post
All The Little Things was a pretty hard web challenge from the Google CTF 2020. In this video we do some initial recon and research and try to find an angle to attack. Part 1/2.
Chall...
2020-09-28 19:41:17 +0000 UTC
View Post
Try chatting with tech support about getting a flag. There is a very easy XSS in the support chat, but the problem is, the XSS is on the wrong domain. So we can't easily grab the flag.
2020-09-18 15:50:49 +0000 UTC
View Post
Easy web challenge from the Google CTF. XSS a paste service.
Challenge: https://capturethef...
2020-09-09 15:49:01 +0000 UTC
View Post
It turns out, I have a favorite number over 1 million! Let me show you why 1094795585 is special to me and to many hackers.
#MegaFavNumbers Playlist: 2020-09-01 17:04:08 +0000 UTC
View Post
The last day from my trip to the Google CTF Finals 2019 in London.
Hardware challenge "Having a Blast" from the Google CTF Finals. It can be compared to the "Keep Talking and Nobody Explodes".
Day 1 of the Google CTF Finals 2019
2020-08-12 16:59:17 +0000 UTC
View Post
In December 2019 I was invited by Google to come to London for the Google CTF finals. This Vlog is about my second day where I listened to some bug hunter talks and met students at init.G.
I'...
2020-08-08 17:04:22 +0000 UTC
View Post
A very interesting Cross-site Scripting Issue in gDocs Spreadsheets. I get a chance to talk to the bug hunter Nick, as well as Google engineers to understand both sides. How did he find it? And why...
2020-07-31 15:58:33 +0000 UTC
View Post
To make a hackable MMO game, I had to think a lot about the unique game design. So we are going over challenges as well as level design and how the game evolved.
This is part 4/4. Next video ...
2020-07-08 16:34:04 +0000 UTC
View Post