Guessing vs. Not Knowing in Hacking and CTFs

I really hate it when I have to guess stuff. This applies to CTFs, but also to my real-world work in penetration testing. It is incredibly frustrating to bruteforce or guess something that could just be read in the source code. I would much rather focus on technical details, tricks and techniques.

Try the XSS challenge: https://hacking.app/xss/xss_chall1.html#welcome

Failed DOM Clobbering Research part 1/2: https://www.youtube.com/watch?v=dZXaQKEE3A8
Chaining Script Gadgets to Full XSS part 2/2: https://www.youtube.com/watch?v=UGtrpXk6QVU

00:00 - Introduction
00:37 - Steganography in CTF
01:38 - Dirbuster & Asset Discovery
02:21 - XSS Example (see description)
02:53 - Global Variables in JavaScript
03:21 - The window.name Variable
03:55 - Is this Guessing?
04:20 - Example Solution Walkthrough
06:00 - Benefits of this Challenge
07:20 - The Importance of Scanning
08:19 - Scanning vs. Reading Code
08:57 - Improve Steganography Challenges
10:22 - Summary
11:10 - Outro

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/
→ Instagram: https://instagram.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/

Video "Guessing vs. Not Knowing in Hacking and CTFs" from the LiveOverflow channel
Video information
October 19, 2020, 0:18:10
00:11:31