Failed DOM Clobbering Research - All The Little Things 1/2 (web) Google CTF 2020
All The Little Things was a pretty hard web challenge from the Google CTF 2020. In this video we do some initial recon and research and try to find an angle to attack. Part 1/2.
Challenge: https://capturetheflag.withgoogle.com/challenges/web-littlethings
Pasteurize: https://www.youtube.com/watch?v=Tw7ucd2lKBk
00:00 - Intro
00:50 - Functionality Overview
01:29 - HTML Injection
02:25 - Making a Plan
02:50 - theme.js Discovering JSONP Endpoint
03:51 - user.js The User Class
04:23 - utils.js Start of Chain
04:44 - No Ideas...
05:07 - DOM Clobbering: window.load_debug
06:05 - Doing Security Research
07:25 - Anything else to clobber?
07:49 - Start from beginning, discover __debug__
08:10 - The load_debug() function
09:20 - window.name is special
09:41 - Try it yourself!
10:00 - Outro
-=[ ❤️ Support ]=-
→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ 🐕 Social ]=-
→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/
-=[ 📄 P.S. ]=-