LiveOverflow posts on Patreon

Minetest - Google CTF 2019 Qualifier

CTF video write-up about the Minetest challenge from the Google CTF 2019 Qualifier. It's similar to Blocky's Revenge from Pwn Adventure 3.

blog:  https://liveoverflow.com/minetest/ 


Arbitrary Read and Write in WebKit Exploit - browser 0x08

Putting it all together. Achieving arbitrary read/write with the WebKit exploit.

video: https://www.youtube.com/watch?v=uY4FQNwS4ME
Posted: 2019-07-21 11:37:13 +0000 UTC

Preparing for Stage 2 of a WebKit exploit - browser 0x7

We arrange and fake JavaScript objects to create some crazy memory layout ✨🤩✨
This preparation is the necessary foundation to achieve arbitrary read/write in the next episode.

video: htt...


(BONUS) Commentary Video of Speedrun-001 Challenge

This is the bonus video for the members on Patreon and on YouTube. I hope you enjoy this additional real-time commentary video. If you compare this style of video with the main video, do you like a particular style more? What do you think has more value and what is more fun to watch?


Speedrun Hacking Buffer Overflow - speedrun-001 DC27

This week we have another CTF video. It was a simple buffer overflow speedrun challenge, exploited with a ROP chain generated by Ropper. But we also analyse my timeline of the run.


Pledge per Video Data

Hey Patrons,

June was interesting, because five videos fell into the month.
As you know, here on Patreon you are supporting each video, but you can also set a monthly limit. In my introduction video about Patreon, I encouraged you to do that, because this tells me how frequent the video...


Revisiting JavaScriptCore Internals: boxed vs. unboxed

Part 6: We go over the boxed vs. unboxed values, how to convert Integer addresses to Doubles and why our bug is a memory corruption.

blog: https://live...


The fakeobj() Primitive: Turning an Address Leak into a Memory Corruption - browser 0x05

In this video we introduce the fakeobj() primitive. It's based on the bug used in addrof() and allows us to corrupt the memory of internal JavaScriptCore objects.

Posted: 2019-06-23 11:37:25 +0000 UTC

WebKit RegExp Exploit addrof() walk-through - browser 0x04

We finally look at the actual exploit code! We start with the addrof() primitive, which can leak the address of a JavaScript object in memory.

blog: ht...


The YouTube Curse

It's clear that a series like the current Browser Exploitation series is not interesting to many people. Most of you might not even watch it :D But I get more positive feedback and "thank you" messages from them, than from any of the more successful and entertaining videos. So while those videos ...


Just-in-time Compiler in JavaScriptCore - browser 0x03

In this video we have a first look at the WebKit JIT compiler - the part that converts JavaScript bytecode to machine code.

blog: https://liveoverflow.com/just-in-time-compil...


Twitch

Hey Patrons,
today I have streamed again on Twitch!

I want to build Ben Eater’s 8-bit computer. But the topic doesn’t really fit on the main channel. So I wanted to make a second channel where I can just archive them and maybe share some other unrelated videos.
But first I need ...


The Butterfly of JSObject - browser 0x02

Last video we learned how to debug WebKit. Now we can use that to look at how JavaScriptCore implements objects and values like integers and floats, and why there is such a thing as a "butterfly".

Posted: 2019-06-02 11:37:24 +0000 UTC

Setup and Debug JavaScriptCore / WebKit

We are going to try out Linus's exploit, set up a vulnerable WebKit version and learn how we can explore the internals and debug JSC.

blog:  https://liveoverflow.com/setup-an...


New Series: Getting Into Browser Exploitation - browser 0x00

The start of a new series. We will try to learn some basics about browser exploitation. Specifically we will look at JavaScriptCore - the JavaScript engine from WebKit.

Posted: 2019-05-19 11:37:32 +0000 UTC

The Origin of Script Kiddie - Hacker Etymology

Where does the term "script kiddie" come from? Who said it first? Let's do some hacker history research!

https://liveoverflow.com/the-origin-of-script-kiddie-hacker-e...


Unpacking Redaman Malware & Basics of Self-Injection Packers - ft. OALabs

I'm excited to share with you a video collaboration with @herrcore from OALabs about unpacking a self-injection malware. Definitely also check out their channel if you want to learn more about malware analysis!

OALabs shows a walk-through of how to unpack a sample malware and explains some b...


I pledge for ...

I would like to better understand why you pledge or what you pledge for. I haven't charged you for today's video and I want to know if that was the right decision, or going forward you would have been okay being charged for it.


Business, Money, 300k Subscribers and What's Next

A vlog with a recap about the last year, how LiveOverflow is now a business and generally what is going on behind the scenes.

As you know, on Patreon you are pledging for each video I make - however I didn't charge for this video because it's not a technical video you might expect. So I hav...


GitLab 11.4.7 Remote Code Execution

Video write-up about the Real World CTF challenge "flaglab" that involved exploiting a GitLab 1day. Actually two CVEs are combined to achieve full remote code execution:

CVE-2018-19571 (SSRF) + CVE-2018-19585 (CRLF) = RCE

Not only is there a video, but thanks to your support I ...


Fuzzing Browsers for weird XSS Vectors

We have a look at another interesting XSS vector due to weird Firefox parsing, and then explore how researchers find this stuff.


How did Masato find the Google Search XSS?

Last week I showed you an XSS on Google Search. In this follow-up video we discuss how @kinugawamasato found the XSS and find evidence of a conspiracy of XSS researchers!!!11!!1!!


XSS on Google Search - Sanitizing HTML in The Client?

I never thought I would experience an XSS on Google Search. But Masato Kinugawa blew my mind!

This is a video going over the difficulties of sanitizing HTML in JavaScript.

The fix can be found here:

Posted: 2019-03-31 11:57:39 +0000 UTC

YouTube Space Berlin

Hey!

This week I was three days at the YouTube Space in Berlin. I thought I could write a small comment for Patreon about this, because I think it’s quite interesting to know that this exists.

YouTube has spaces around the world (...

Posted: 2019-03-30 17:37:45 +0000 UTC

Weird Return-Oriented Programming Tutorial

There are a lot of tutorials on ROP out there, so I try to explain the concept in a different way. Maybe that's a bad idea and a lot more confusing. But if you didn't understand it yet, or you already know ROP, then this could be interesting.


I know this looks weird.

It's a screenshot from an upcoming video series. It's part of the same series where this image was from: https://www.patreon.com/posts/24461460


Introducing Weird Machines: ROP Differently Explaining part 1 - bin 0x29

This is the first part where I try to explain Return-oriented Programming in a different way. And in this video I want to introduce what a weird machine is... it's kinda theoretical, but the concept can be applied to a lot of exploits. Developing that intuition feels very important to me. But be ...


Ethereum Smart Contract Backdoored Using Malicious Constructor

Remember the crazy smart contract challenge from the Real World CTF? Here is a video specifically talking about the backdoor method used. Together with @ret2got we finally understood it.

Acoraida Monica - Real World C...


Rediscovering the f00dbabe Firmware Update Issue - Hardware Wallet Research #7

We finally figure out how to create a firmware update, but also run into an annoying check. However, based on what we have learned so far, we can find a bypass, rediscovering the f00dbabe issue.


Analysing a Firefox Malware browserassist.dll - FLARE-On 2018

This is another challenge of the FLARE-On 2018 CTF. This challenge is about analysing the functionality of a Firefox malware, but I got a bit lucky :D
