SamSuka
LiveOverflow

LiveOverflow

patreon


LiveOverflow activity

Critical Sudo Vulnerability Walkthrough - CVE-2021-3156

The most comprehensive video covering the sudo vulnerability CVE-2021-3156 Baron Samedit. I spent two weeks on rediscovering, analysing and exploitation of the sudoedit heap overflow. We will talk about fuzzing, code review, exploit strategies, heap feng shui and developing the exploit. 

...

View Post

Protect Linux Server From Hackers

Do you have a linux server and do you know how to prevent getting hacked? In this video we will critically discuss a few best practices. The video can be summarized as: "a lot of fluff, not much use".

Prefer to read? Blog article version: 2021-04-15 15:40:23 +0000 UTC View Post

Running Out Of Hacking Video Ideas

I made every video I ever wanted to make... At least that's how I feel. I feel like "Everything I know I have shared in my over 300 videos". I recently celebrated 6 years on YouTube, and it made me think about the state of the channel and the struggle of finding new video ideas.

Website: View Post

Hacking into Google's Network for $133,337

In this video we hear the story how Ezequiel Pereira found a critical vulnerability in Google Cloud and was awarded $164,674 in total. This is a crazy bug, because it requires so much knowledge about Google internals. We will learn about Google's Global Software Load Balancer, BNS addresses and o...

View Post

Format String Exploit Troubleshooting Over Twitter - bin 0x11 b

A troubleshooting video about a binary exploitation challenge. Should fit well into the binary exploitation playlist 

https://www.youtube.com/playlist?list=PLhixgUqwRTjxglIswKp9...

View Post

How CPUs Access Hardware - Another SerenityOS Exploit

When I looked at another SerenityOS exploit, I learned something new! The hack is very creative and directly interacts with hardware. I never really understood how modern CPUs interact with peripherals, so this was very interesting to me.

View Post

Does Hacking Require Programming Skills?

When I saw how easy it is for Andreas to find bugs in his own code, and even write exploits for it, I thought about the relationship between hacking and coding skills. And it's not surprising that decades of programming experience can easily transferred to hacking skills! 

LiveOverflow...

View Post

Reading Kernel Source Code - Analysis of an Exploit

Part two of analysing the Serenity wisdom2 exploit

View Post

Kernel Root Exploit via a ptrace() and execve() Race Condition

Let's have a look at a kernel local privilege escalation exploit in SerenityOS! And why it is beneficial to learn about it, even though it's not a widely used OS.

View Post

December Project Video Bundle #4

This is the last set of videos for my advents calendar. The last video is a more regular video that I scripted and edited.

December Project Video Bundle #3

The third set of videos for the December t-shirt project, only one more set to go.

December Project Video Bundle #2

This is the second set of December videos!

December Project Video Bundle #1

Hellooo o/

This is the first Patreon bundle for the December project.

Solving Nintendo HireMe!!! with "Basic" Math

We are going to solve the Nintendo HireMe.cpp challenge with some "basic" math. I call it basic, because linear algebra is taught pretty early in school. But I know it is not so easy to figure out that it can be used here. Also the trick with GF2 is math that you would only learn at university. B...

View Post

Plans for December - Warning!!

Hey everyone, last year I made 24 daily videos as an "advents calendar" (https://www.youtube.com/playlist?list=PLhixgUqwRTjzTvVyL_8H-DJBf8VT3uiu2 ). This year I will do something simil...

View Post

Nintendo Hire me!!!!!!!!

Difficult programming and reverse-engineering challenge by Nintendo European Research & Development (NERD). In this first part I have a first look at the challenge and try different stuff. In the next video we talk about the solution.

HireMe.cpp: 2020-11-19 18:14:05 +0000 UTC View Post

How Hacking Actually Looks Like - ALLES! CTF Team in Real Time

Get a unique insight into how hacking really looks like. This is a live recording and commentary of the ALLES! CTF Team playing the Google CTF finals hackceler8. After we have placed 8th in the Google CTF 2020, we were invited to a special finals event, which was speed hacking against 3 other tea...

View Post

What is a File Format?

Let's explore what a file format is, and provide a different view on it. We dive into polyglots, file format research and the impact on security. 

Funky File Formats Talk: https://www.youtube.com/watch?v=hd...

View Post

Guessing vs. Not Knowing in Hacking and CTFs

I really hate it when I have to guess stuff. This applies to CTFs, but also to my real-world work in penetration testing. It is incredibly frustrating to bruteforce or guess something, that could just be read in the source code. I much rather focus on technical details, tricks and techniques.&nbs...

View Post

Chaining Script Gadgets to Full XSS - All The Little Things 2/2 (web) Google CTF 2020

In the second part we are building on top of what we have learned. We figure out how to craft something special out of a very limited script gadget. Eventually we can use it to leak the secret notes ID and notes content.  

Part 1: View Post

CTF Web Challenge Recon - All The Little Things 1/2 (web) Google CTF 2020

All The Little Things was a pretty hard web challenge from the Google CTF 2020. In this video we do some initial recon and research and try to find an angle to attack. Part 1/2.  

Challenge: 2020-09-28 19:41:17 +0000 UTC View Post

XSS on the Wrong Domain T_T - Tech Support (web) Google CTF 2020

Try chatting with tech support about getting a flag. There is a very easy XSS in the support chat, but the problem is, the XSS is on the wrong domain. So we can't easily grab the flag.  

Challenge: 2020-09-18 15:50:49 +0000 UTC View Post

XSS a Paste Service - Pasteurize (web) Google CTF 2020

Easy web challenge from the Google CTF. XSS a paste service.

Challenge: https://capturetheflag.withgoogle.com/challenges/web-pasteurize

View Post

Why Hackers Love the Number 1,094,795,585

It turns out, I have a favorite number over 1 million! Let me show you why 1094795585 is special to me and to many hackers.

#MegaFavNumbers Playlist: https://www.youtube.com/playlist...

View Post

Winners of Google Capture-The-Flag Finals 2019 🏳️

The last day from my trip to the Google CTF Finals 2019 in London.

Defusing a Bomb at Google London HQ - Having a Blast Google CTF Finals 2019 (hardware)

 Hardware challenge "Having a Blast" from the Google CTF Finals. It can be compared to the "Keep Talking and Nobody Explodes".

Google CTF Finals 2019! - Escal8 2019 Day 3

Day 1 of the Google CTF Finals 2019

View Post

Bug Hunter Talks & Init.G for Student - Escal8 2019 Day 2

In December 2019 I was invited by Google to come to London for the Google CTF finals. This Vlog is about my second day where I listened to some bug hunter talks and met students at init.G.

I'm going through my backlog and will be releasing the remaining days of the trip. Including some inte...

View Post

JavaScript Gadgets! Google Docs XSS Vulnerability Walkthrough

A very interesting Cross-site Scripting Issue in gDocs Spreadsheets. I get a chance to talk to the bug hunter Nick, as well as Google engineers to understand both sides. How did he find it? And why did this vulnerability exist in the first place?

View Post

MMO Hacking Game Design in Unity (IL2CPP) - Game Devlog #4

To make a hackable MMO game, I had to think a lot about the unique game design. So we are going over challenges as well as level design and how the game evolved.

This is part 4/4. Next video will be back to "regular" content.

View Post