Guessing vs. Not Knowing in Hacking and CTFs
I really hate it when I have to guess stuff. This applies to CTFs, but also to my real-world work in penetration testing. It is incredibly frustrating to bruteforce or guess something, that could just be read in the source code. I much rather focus on technical details, tricks and techniques.
Try the XSS challenge: https://hacking.app/xss/xss_chall1.html#welcome
Failed DOM Clobbering Research part 1/2: https://www.youtube.com/watch?v=dZXaQKEE3A8
Chaining Script Gadgets to Full XSS part 2/2: https://www.youtube.com/watch?v=UGtrpXk6QVU
00:00 - Introduction
00:37 - Steganography in CTF
01:38 - Dirbuster & Asset Discovery
02:21 - XSS Example (see description)
02:53 - Global Variables in JavaScript
03:21 - The window.name Variable
03:55 - Is this Guessing?
04:20 - Example Solution Walkthrough
06:00 - Benefits of this Challenge
07:20 - The Importance of Scanning
08:19 - Scanning vs. Reading Code
08:57 - Improve Steganography Challenges
10:22 - Summary
11:10 - Outro
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Instagram: https://instagram.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
Видео Guessing vs. Not Knowing in Hacking and CTFs канала LiveOverflow
Try the XSS challenge: https://hacking.app/xss/xss_chall1.html#welcome
Failed DOM Clobbering Research part 1/2: https://www.youtube.com/watch?v=dZXaQKEE3A8
Chaining Script Gadgets to Full XSS part 2/2: https://www.youtube.com/watch?v=UGtrpXk6QVU
00:00 - Introduction
00:37 - Steganography in CTF
01:38 - Dirbuster & Asset Discovery
02:21 - XSS Example (see description)
02:53 - Global Variables in JavaScript
03:21 - The window.name Variable
03:55 - Is this Guessing?
04:20 - Example Solution Walkthrough
06:00 - Benefits of this Challenge
07:20 - The Importance of Scanning
08:19 - Scanning vs. Reading Code
08:57 - Improve Steganography Challenges
10:22 - Summary
11:10 - Outro
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Instagram: https://instagram.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
Видео Guessing vs. Not Knowing in Hacking and CTFs канала LiveOverflow
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
![What is a File Format?](https://i.ytimg.com/vi/VVdmmN0su6E/default.jpg)
![](https://i.ytimg.com/vi/rB4IEhk235c/default.jpg)
![IT Security Career Advice](https://i.ytimg.com/vi/Oc8QQxyzjjQ/default.jpg)
![VLC Kill Bill: Easter Egg Reverse Engineering](https://i.ytimg.com/vi/k4MnqaYZIY4/default.jpg)
![Top 5 CTFs to Get Started with Ethical Hacking](https://i.ytimg.com/vi/k3qvzjRrjCc/default.jpg)
![CTFs are TERRIBLE!](https://i.ytimg.com/vi/lxJpKUoX-6E/default.jpg)
![Hacking into people's phones](https://i.ytimg.com/vi/TMqsa5cCfvM/default.jpg)
![Reading Kernel Source Code - Analysis of an Exploit](https://i.ytimg.com/vi/oIAP1_NrSbY/default.jpg)
![Running Out Of Hacking Video Ideas](https://i.ytimg.com/vi/LMFY3NvNITY/default.jpg)
![Using z3 to find a password and reverse obfuscated JavaScript - Fsec2017 CTF](https://i.ytimg.com/vi/TpdDq56KH1I/default.jpg)
![CTFs are AWESOME!](https://i.ytimg.com/vi/L2C8rVO2lAg/default.jpg)
![Google CTF Finals 2019!](https://i.ytimg.com/vi/PBvthC7soS4/default.jpg)
![Student Finds Hidden Devices in the College Library - Are they nefarious?](https://i.ytimg.com/vi/UeAKTjx_eKA/default.jpg)
![How To Learn Hacking With CTFs](https://i.ytimg.com/vi/Lus7aNf2xDg/default.jpg)
![Root Cause Analysis With AddressSanitizer (ASan) | Ep. 06](https://i.ytimg.com/vi/_W3D_0erZ00/default.jpg)
![How Do Linux Kernel Drivers Work? - Learning Resource](https://i.ytimg.com/vi/juGNPLdjLH4/default.jpg)
![Format String Exploit Troubleshooting Over Twitter - bin 0x11 b](https://i.ytimg.com/vi/F6UerHkVdLA/default.jpg)
![Missing HTTP Security Headers - Bug Bounty Tips](https://i.ytimg.com/vi/064yDG7Rz80/default.jpg)
![Google Paid Me to Talk About a Security Issue!](https://i.ytimg.com/vi/E-P9USG6kLs/default.jpg)
![Rooting a CTF server to get all the flags with Dirty COW - CVE-2016-5195](https://i.ytimg.com/vi/Lj2YRCXCBv8/default.jpg)