Failed DOM Clobbering Research - All The Little Things 1/2 (web) Google CTF 2020
All The Little Things was a pretty hard web challenge from the Google CTF 2020. In this video we do some initial recon and research and try to find an angle to attack. Part 1/2.
Challenge: https://capturetheflag.withgoogle.com/challenges/web-littlethings
Pasteurize: https://www.youtube.com/watch?v=Tw7ucd2lKBk
00:00 - Intro
00:50 - Functionality Overview
01:29 - HTML Injection
02:25 - Making a Plan
02:50 - theme.js Discovering JSONP Endpoint
03:51 - user.js The User Class
04:23 - utils.js Start of Chain
04:44 - No Ideas...
05:07 - DOM Clobbering: window.load_debug
06:05 - Doing Security Research
07:25 - Anything else to clobber?
07:49 - Start from beginning, discover __debug__
08:10 - The load_debug() function
09:20 - window.name is special
09:41 - Try it yourself!
10:00 - Outro
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
-=[ 📄 P.S. ]=-
Видео Failed DOM Clobbering Research - All The Little Things 1/2 (web) Google CTF 2020 канала LiveOverflow
Challenge: https://capturetheflag.withgoogle.com/challenges/web-littlethings
Pasteurize: https://www.youtube.com/watch?v=Tw7ucd2lKBk
00:00 - Intro
00:50 - Functionality Overview
01:29 - HTML Injection
02:25 - Making a Plan
02:50 - theme.js Discovering JSONP Endpoint
03:51 - user.js The User Class
04:23 - utils.js Start of Chain
04:44 - No Ideas...
05:07 - DOM Clobbering: window.load_debug
06:05 - Doing Security Research
07:25 - Anything else to clobber?
07:49 - Start from beginning, discover __debug__
08:10 - The load_debug() function
09:20 - window.name is special
09:41 - Try it yourself!
10:00 - Outro
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
-=[ 📄 P.S. ]=-
Видео Failed DOM Clobbering Research - All The Little Things 1/2 (web) Google CTF 2020 канала LiveOverflow
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
Chaining Script Gadgets to Full XSS - All The Little Things 2/2 (web) Google CTF 2020
9 Little Things That Reveals A Lot About You
CSRF Introduction and what is the Same-Origin Policy? - web 0x04
First time in Las Vegas for BlackHat, DEF CON and more...
Google CTF: Beginner Quest: OCR IS COOL! (Simple Cryptography)
Google CTF Finals 2019!
Winners of Google Capture-The-Flag Finals 2019 🏳️
XSS a Paste Service - Pasteurize (web) Google CTF 2020
How SUDO on Linux was HACKED! // CVE-2021-3156
Threat Models - Hardware Wallet Research #1
Reverse Engineering Obfuscated JavaScript![Integer Overflows: When 15 + 1 doesn't equal 16 [Capture The Flag Fundamentals]](https://i.ytimg.com/vi/3qD3ybBwcFA/default.jpg)
Integer Overflows: When 15 + 1 doesn't equal 16 [Capture The Flag Fundamentals]
Student Finds Hidden Devices in the College Library - Are they nefarious?
DO NOT design your network like this!! // FREE CCNA // EP 6
How to Find and Exploit XSS DOM Cloberring - XSS in GMail
Igniting Creativity for a (Hacking) Game - Game Devlog #2
Steganography (1/2) BsidesCT CTF 2018
Failing easy local file inclusion challenge - mindreader (misc) Google CTF 2017![b00t2root19 CTF: EasyPHP [PHP Web Exploits]](https://i.ytimg.com/vi/KOy6QFKZFGQ/default.jpg)
b00t2root19 CTF: EasyPHP [PHP Web Exploits]