Attacking Language Server JSON RPC
While auditing a VSCode Extension + Language Server I noticed something interesting. This turned into the research question "can we attack the extension from the browser?". After a bit of preliminary research I decided to do it again on stream, and eventually made this video. This is what security research can look like.
What is a Server? https://www.youtube.com/watch?v=VXmvM2QtuMU
What is a Protocol? https://www.youtube.com/watch?v=d-zn-wv4Di8
GitLab 11.4.7 RCE https://www.youtube.com/watch?v=LrLJuyAdoAg
Live Stream: https://www.youtube.com/watch?v=jc7S6TtLK_c
My Font (advertisement): https://shop.liveoverflow.com/
Interested in more videos like this? https://www.youtube.com/playlist?list=PLhixgUqwRTjzSTVPNZduVzMY1yebFrA9m
Chapters:
00:00 - Why Security Research?
01:23 - What is a Language Server?
02:53 - Setup Example Code
04:00 - RCE in VSCode Extension?
05:25 - The Language Server Code
06:29 - Researching Communication
11:13 - Can a Browser Attack the VSCode Extension?
13:54 - Research Results
15:40 - Ad n' Outro
=[ ❤️ Support ]=
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
2nd Channel: https://www.youtube.com/LiveUnderflow
=[ 🐕 Social ]=
→ Twitter: https://twitter.com/LiveOverflow/
→ Streaming: https://twitch.tv/LiveOverflow/
→ TikTok: https://www.tiktok.com/@liveoverflow_
→ Instagram: https://instagram.com/LiveOverflow/
→ Blog: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
Video "Attacking Language Server JSON RPC" from the LiveOverflow channel